Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1172
Views
5
Helpful
8
Replies

2960x Switchport itself ARPing the very device connected to it

Go to solution
stratton22
Level 1
Level 1

‎07-13-2021 06:20 AM

I have a  WS-C2960X-48FPS-L 15.2(2)E9  that is ARPing for the very device connected to it. The ARP request originates from the very port the device is connected to.  This is not the port just passing on an ARP request from something else. this is the port itself generating the ARP request.  Couple of odd things

 

Why would a switchport ever ARP for anything.  The ARP request is a unicast vs a broadcast. The source IP is 0.0.0.0. This behavior apparently is present only on ports that the device is off but the NIC has done DHCP for Wake-on-LAN purposes.

 

For example: Let me show the interface to see the MAC, the mac table for that interface and the ARP request and reply.  This shows that the ARP request originated at the switchport.

 

Q: Is this a bug or a config I don't understand?

 

 

---------

Sh int g2/0/27

  GigabitEthernet2/0/27 is up, line protocol is up (connected)

  Hardware is Gigabit Ethernet, address is 3c0e.23ea.139b (bia 3c0e.23ea.139b)

------------

sh mac addr | i 2/0/27
400 40a8.f044.0ab5 DYNAMIC Gi2/0/27

 

 

--------------

Frame 41: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{D07B84DF-9EB1-4A85-A853-DC9272598409}, id 0
Ethernet II, Src: Cisco_ea:13:9b (3c:0e:23:ea:13:9b), Dst: HewlettP_44:0a:b5 (40:a8:f0:44:0a:b5)
Address Resolution Protocol (request)
Hardware type: Ethernet (1)
Protocol type: IPv4 (0x0800)
Hardware size: 6
Protocol size: 4
Opcode: request (1)
Sender MAC address: Cisco_ea:13:9b (3c:0e:23:ea:13:9b)
Sender IP address: 0.0.0.0
Target MAC address: HewlettP_44:0a:b5 (40:a8:f0:44:0a:b5)
Target IP address: 10.69.188.151

 

-------

Frame 42: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{D07B84DF-9EB1-4A85-A853-DC9272598409}, id 0
Ethernet II, Src: HewlettP_44:0a:b5 (40:a8:f0:44:0a:b5), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (reply)
Hardware type: Ethernet (1)
Protocol type: IPv4 (0x0800)
Hardware size: 6
Protocol size: 4
Opcode: reply (2)
Sender MAC address: HewlettP_44:0a:b5 (40:a8:f0:44:0a:b5)
Sender IP address: 10.69.188.151
Target MAC address: Cisco_ea:13:9b (3c:0e:23:ea:13:9b)
Target IP address: 0.0.0.0

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to stratton22

‎07-13-2021 07:28 AM

Do you have IP device tracking enabled on the switch? This document is for the 7k series but may apply to the 2960x depending on the IOS version.

 

https://www.cisco.com/c/en/us/support/docs/switches/nexus-7000-series-switches/200397-Nexus-7000-Understanding-and-Remediatin.html

 

HTH

View solution in original post

8 Replies 8

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎07-13-2021 06:27 AM

As per the device, device has its own MAC Address.

 

sh mac addr | i 2/0/27
400 40a8.f044.0ab5 DYNAMIC Gi2/0/27

 

this is the device connected and it will resolve the same when you do show ip arp | in 40a8.f044.0ab5

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
stratton22
Level 1
Level 1
In response to balaji.bandi

‎07-13-2021 07:16 AM

Thx for the reply but my question is why is it sending the ARP request at all? and it is doing so every 30-60 seconds.

 

The issue it generates is the ARP Reply by the client.  As the source IP was 0.0.0.0 the client is unable to unicast the reply but has to broadcast it.   This reply hits our Nexus 7K who sees the destination address of 0.0.0.0 and adds an error entry to the logfile. Our logfiles are filling up with the entries.

 

 

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to stratton22

‎07-13-2021 07:28 AM

Do you have IP device tracking enabled on the switch? This document is for the 7k series but may apply to the 2960x depending on the IOS version.

 

https://www.cisco.com/c/en/us/support/docs/switches/nexus-7000-series-switches/200397-Nexus-7000-Understanding-and-Remediatin.html

 

HTH

Go to solution
stratton22
Level 1
Level 1
In response to Reza Sharifi

‎07-13-2021 07:34 AM

 

 

We do. It was added by DNA.

0 Helpful

Go to solution
stratton22
Level 1
Level 1
In response to stratton22

‎07-13-2021 07:41 AM

The document you referenced mention another doc that described how to raise the logging level for "erroneous ARPs" to keep them from flooding the logs.

0 Helpful

Go to solution
stratton22
Level 1
Level 1
In response to stratton22

‎07-13-2021 07:50 AM

Allow me a little speculation 

 

We are seeing these ARP requests it seems for just those devices that are "off" but are still doing DHCP for Wake-on-LAN purpose. I'll guess these "discovery ARPs" are not needed for active devices as the switch can see whom/what they.   These "off" devices get ARPed periodically because they are too quiet?

0 Helpful

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to stratton22

‎07-13-2021 08:19 AM

Hello @stratton22 ,

yes it looks like that with IP device tracking on the switch will attempt to verify quiet clients .

Doing it every 60 seconds I agree is too much.

 

Have you been able to mask/filter  the log messages ?

 

Hope to help

Giuseppe

 

0 Helpful

Go to solution
stratton22
Level 1
Level 1
In response to Giuseppe Larosa

‎07-13-2021 08:32 AM

Yes more retrictive ARP logging has been successful.

 

  Thx for your time. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card