Re: Arp cache update problem between router 3640 and firewall cl

mperduca · ‎05-08-2003

The situation is the following: I have two Cisco routers 3640 in HSRP. In the same LAN has been installed a cluster firewall (CheckPoint) for have the redundance. The problem is that when there is a swap between the two cluster nodes the router don't update his cache arp but directs always the old node mac address. If I force the cache update the problem disappears. Why the router don't update the arp table also if the cluster send an arp reply? Can be an IOS problem? Actually in the router runs the (C3640-IS-M), Version 12.1(5)T8

mark-obrien · ‎05-08-2003

Does the cluster send an ARP reply when there is a swap? The router will not send an ARP request if it already has an ARP entry in it's cache.

Does the firewall cluster have a way of sharing a MAC address as well as an IP address?

Mark

mperduca · ‎05-08-2003

I will made some test /debugs for see what the router receives from the cluster. I don't know well how the cluster runs but when there is the swap is not it that must send a message to router for update this arp cache? What type of debug can I perform in the router? Can I check the refresh time of the arp table in the router?

mark-obrien · ‎05-08-2003

I expect that the cluster is supposed to send a promiscuous ARP reply when it swaps, but I don't know. You can do a "debug arp" in the router, but this could produce a lot of output and affect the operation of the router if the network is busy.

Is the firewall cluster using VRRP or some other method?

Mark

rjackson · ‎05-08-2003

If the cluster is set up right it should be using one mac address just like the hsrp routers are. No arp update is required.

Arp cache update problem between router 3640 and firewall cluster