About GratuitousARP on cisco ASA/FP

luanyunfeidu
Level 1

Hello:

Considering the following scenario:

SwitchA----FP1120----SwitchB(ISP switch)

The FP1120 is the FW used to replace an old FW. After the FP was up, I moved the cable from the old FW to the FP, as in the topology above.

But here comes a problem: the traffic between the two switches seems to be dropped. I did some checks and found that the MAC associated with the gateway IP (configured on the FP) on SwitchA was still the previous MAC (belonging to the old FW). I think it may have occurred on SwitchB. After a few minutes, it eventually worked. Was it the ARP entry timing out on both switches?

Then I tried it again: I cleared the ARP cache on SwitchA, and it worked!

Here is my question:

    Will an ASA/FP send a Gratuitous ARP when an interface's state turns to up?

Any help would be much appreciated!

 

1 Accepted Solution

The only case I see where the SW does not detect the GARP sent from the FW is when the FW is configured with the IP before you connect it to the SW.

How we can solve this:
1- Your solution, which is to clear the ARP table on the SW
2- Connect to the SW and then assign the same IP again; this forces the FW to send a GARP to the SW (I tested this, and when I assigned the same IP it succeeded)

9 Replies

As far as I know not on link up, but when the IP is set on an interface. With that the solving of problems like these can be sped up if there is no way to clear the ARP cache on the neighbouring router.

Thanks for the reply.

Yeah, there's no permission to configure SwitchB, so I can't clear the ARP cache on it. The only thing I can do is wait for the ARP timeout on SwitchB or just reload it.

Does it mean I can configure another IP on the interface to initiate a GARP? Is there any command which can force the ASA/FP to send a GARP?

I am not aware of a specific command, but changing the IP and changing it back does the job.

This is what I need to check in the lab:
does changing the IP send a GARP,
or
does shut/no shut on the ASA interface send a GARP?

I will update all.

Did both SWs not learn the MAC of the ASA interface?
Are you running the FW in transparent mode?

Thanks for the reply:

The FW is running in routed mode.

Yes, the MAC address associated with the gateway IP was still the previous FW's; it wasn't updated.

I'm just curious why the FP/ASA doesn't send a GARP to update the peer's ARP cache when a routed interface turns up. The peer doesn't send an ARP request until its ARP cache times out; before this, it keeps using the wrong MAC-IP binding.

 

I will run a lab and check this issue.

Yes, that is the case I met! I configured the IP before connecting it.

That is to say, the ASA/FP doesn't send a GARP automatically in this scenario.

OK, got it! I'm really grateful for your help.
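
The thread's conclusion can be checked on the wire after a cutover: did a gratuitous ARP binding the gateway IP to the new firewall's MAC actually appear on the link? The following is an added example, not code from any poster or from Cisco; it classifies raw Ethernet frames (as exported from a capture) and reports whether such a GARP was seen. The gateway IP, MAC addresses and function names are constructed for illustration.

```python
import socket
import struct

def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))

def build_arp(op, sha, spa, tha, tpa, eth_dst="ff:ff:ff:ff:ff:ff") -> bytes:
    """Build an untagged Ethernet II ARP frame (used only to construct sample data)."""
    eth = mac_bytes(eth_dst) + mac_bytes(sha) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += mac_bytes(sha) + socket.inet_aton(spa) + mac_bytes(tha) + socket.inet_aton(tpa)
    return eth + arp

def parse_arp(frame: bytes):
    """Return ARP fields from an untagged IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "sha": sha, "spa": spa, "tpa": tpa}

def is_gratuitous(arp) -> bool:
    # Gratuitous ARP: sender IP equals target IP; seen as request (1) or reply (2).
    return arp is not None and arp["op"] in (1, 2) and arp["spa"] == arp["tpa"]

def garp_seen_for(frames, ip: str, mac: str) -> bool:
    """True if any frame is a gratuitous ARP binding `ip` to `mac`."""
    want_ip, want_mac = socket.inet_aton(ip), mac_bytes(mac)
    for frame in frames:
        arp = parse_arp(frame)
        if is_gratuitous(arp) and arp["spa"] == want_ip and arp["sha"] == want_mac:
            return True
    return False

# Constructed sample values (not from the thread): gateway IP and MACs.
GATEWAY_IP = "192.0.2.1"
OLD_FW_MAC = "02:00:00:00:00:01"
NEW_FW_MAC = "02:00:00:00:00:02"
ZERO = "00:00:00:00:00:00"

# An ordinary request from a host asking for the gateway, then the new firewall's GARP.
ordinary = build_arp(1, "02:00:00:00:00:aa", "192.0.2.10", ZERO, GATEWAY_IP)
garp = build_arp(1, NEW_FW_MAC, GATEWAY_IP, ZERO, GATEWAY_IP)

if __name__ == "__main__":
    print("GARP for new MAC in capture:", garp_seen_for([ordinary, garp], GATEWAY_IP, NEW_FW_MAC))
    print("Without it:", garp_seen_for([ordinary], GATEWAY_IP, NEW_FW_MAC))
```

If the check returns False for a capture taken while the cable was moved, the neighbours will keep the old MAC binding until their ARP entries time out or are cleared, which matches the behaviour described in the thread.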
