Solved: Re: About GratuitousARP on cisco ASA/FP

luanyunfeidu · ‎12-11-2022

Hello:

Considering the following scenario:

SwitchA----FP1120----SwitchB(ISP switch)

The FP1120 is the FW used to replace a old fw. after FP being up, i moved the cable from the old fw to FP, like topology above.

But here comes a problem, the traffic between two switches seems to be dropped. i did some check , found that the MAC associated with the Gateway IP(configured on the FP) on the switchA was still previous mac(belongs to the old fw),i think it maybe occured on switchB. after few minutes, it worked eventually , was the ARP entry timeout on both switches?

Then i tried it again, i cleared the arp-cache on switchA,and it worked!

Here is my question:

Will a ASA/FP send a Gratuitous ARP when a interface's state turns to up?

Any help would be much appreciated!

MHM Cisco World · ‎12-11-2022

the only case I see that SW not detect GARP send from FW is that FW is config with IP before you connect it to SW.

how we can solve this
1- your solution which clear arp table in SW
2- connect to SW and then assign same IP again, this force the FW to send GARP to SW (I test this and when assign same IP I success)

View solution in original post

Karsten Iwen · ‎12-11-2022

As far as I know not on link up, but when the IP is set on an interface. With that the solving of problems like these can be sped up if there is no way to clear the ARP cache on the neighbouring router.

luanyunfeidu · ‎12-11-2022

thanks for reply.

yeah, there's no permission to configure switchB. ,so i cann't clear the arp-cache on it. the only thing i can do is wait the arp timeout on switchB or just reload it.

Does it mean i can configure another ip on the interface to initiate a GARP ? Is there any command which can force asa/fp to send GARP?

Karsten Iwen · ‎12-11-2022

I am not aware of a specific command, but changing the IP and changing it back does the job.

MHM Cisco World · ‎12-11-2022

this what I need to check in Lab
does change IP send GARP
or
shut/no shut ASA interface send GARP

I will update all

MHM Cisco World · ‎12-11-2022

both SW not learn the MAC of ASA interface ?
are you run FW as transparent Mode?

luanyunfeidu · ‎12-11-2022

thanks for reply:

FW is running as routed mode.

Yes, the mac address associated with the gateway ip still was the previous fw's, wasn't updated.

I'm just curious why FP/ASA doens't send a GARP to update peer's arp cache when a routed interface turns to up , the peer don't send arp request until it's arp cache timeout.befor this, it keeps using the wrong mac-ip binding.

MHM Cisco World · ‎12-11-2022

I will run lab and check this issue

MHM Cisco World · ‎12-11-2022

the only case I see that SW not detect GARP send from FW is that FW is config with IP before you connect it to SW.

how we can solve this
1- your solution which clear arp table in SW
2- connect to SW and then assign same IP again, this force the FW to send GARP to SW (I test this and when assign same IP I success)

luanyunfeidu · ‎12-11-2022

yes, the case is what i met! i configured the ip befor connected it.

that is to say, ASA/FP doesn't sent GARP automatically in this scenario .

OK, got it ! I'm really grateful for your help,