Re: How to clear the mac address table on a 5505

jessica jestol · ‎01-05-2018

I had a site where we had to change out a server and the new server had the same IP. Cleared the arp on the L3 switch and was able to ping the new server from that switch. I could not ping it from the ASA 5505 directly connected to that switch. I could not find a way to clear the mac-address-table on the 5505 so I ended up having to reboot it which dropped the VPN tunnel and caused all kinds of headaches. Is there an easier way to do this?

Marvin Rhoads · ‎01-05-2018

Did "clear mac-address-table" not work for you?

https://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/A-H/cmdref1/c3.html#pgfId-2155522

johnlloyd_13 · ‎01-06-2018

hi,

did you try the clear arp command?

Marvin Rhoads · ‎01-06-2018

John,

The arp table is MAC address to IP address mapping.

The MAC address table maps MAC addresses to physical ports in a switch (which function the 5505 includes).

jessica jestol · ‎01-08-2018

I did try the clear arp command.

Ajay Saini · ‎01-06-2018

Hello,

'Clear mac-address-table' will only work in transparent mode. In routed mode, you can only view the mac address table by issuing 'show switch mac-address-table'

https://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/A-H/cmdref1/c3.html#pgfId-2155522

The closest you can go in terms of clearing the mac address is 'clear arp' as John mentioned and that should resolve any stale mac address stored in switch fabric as well for ASA 5505.

-HTH

AJ

Marvin Rhoads · ‎01-07-2018

Ah thanks Ajay - I missed the firewall mode restriction on that command. Good catch.

jessica jestol · ‎01-08-2018

This was my understanding as well but clear arp didn't resolve my issue. Only after rebooting the ASA was the new MAC associated with the correct IP. I cleared connections (even though sh conn didn't show any connections to that IP) and xlates on the off chance the natting was contributing but as I expected, it didn't make any difference.