Solved: 1 1c6a.7a07.01d1

lohit prasad · ‎11-14-2016

Hi

If a switch or router learns ARP entry dynamic in arp table. Then my doubts

(1) if box is rebooted with 10 ARP dynamic entries then after box comes up will it have all arp entry ?

(2) If I should down an interface or remove ip address why ARP table is becoming empty?

(3) Lets say Switch A learns Mac address aaa.bbb.ccc of PC X at fa 0/1.

then if PC X is removed from fa 0/1 and put in fa 0/2

then will ARP or Mac address get updated after ping from PC X ?

(4) in above scenario if PC Y is inserted to Fa 0/3 with same mac aaa.bbb.ccc then what happens to mac table and arp table ?

(5) If L2 switch doesnot have ARP table then what about Management interface ? how will it use ARP and how wil it route if no route table for switch?

Richard Burts · ‎11-14-2016

1) If a box with 10 dynamic ARP entries is rebooted then when the box comes on line again its ARP table would be empty. It would need to learn those 10 addresses again.

2) If you down an interface or remove its IP address then the ARP entries associated with that interface are removed. Remember that the purpose of the ARP table is to tell the device what interface it should use to access specified IP addresses. If the interface is down or if its IP is removed then the ARP entries associated with that interface are no longer valid (you can no longer use that interface to access those addresses) and so it is appropriate to remove those entries from the ARP table.

3) The logic goes like this:

- switch learns MAC of device on fa0/1 and creates an ARP entry.

- that ARP entry will remain in the ARP table until either A) the device learns that MAC on a different interface or B) the ARP entry times out (typically after 4 hours).

- the device is moved from fa0/1 to fa0/2. If the device sends out an ARP response on fa0/2 then the switch will immediately learn that the MAC is now on fa0/2 and will update the ARP table. Otherwise the original entry will continue in the ARP table until it expires. As the entry expires the switch will send an ARP request and will then learn that the device is now on fa0/2.

4) Having two devices with the same MAC address causes problems and manufacturers work hard to make sure that it not happen naturally. To have two devices with the same MAC you would need to make changes in one of the devices. But if you do make the changes then this is what happens.

A) the MAC table will flap. It sees a frame from the first device and the MAC table will have fa0/2. Then the switch sees a frame from the other device and the MAC table will be updated and will have fa0/3. When the switch sees another frame from the first device the MAC table is updated to fa0/2. And the MAC table gets updated to fa0/3 when it sees a frame from the other device. This process goes on and on and on.

B) assuming that the second device has a different IP address then the ARP table will have two entries. It has an entry for the IP in fa0/2 and an entry for the IP in fa0/3, and both entries will show the same MAC address.

5) a L2 switch does have an ARP table. You seem to associate the ARP table with layer 3 forwarding devices (routers and L3 switches). But any device that has an IP address will have an ARP table. Your PC has an ARP table. The L2 switch has an ARP table. The L2 switch does not use its ARP table for forwarding any traffic but does use the ARP table for any packet originated from its management interface.

HTH

Rick

HTH

Rick

View solution in original post

Joseph W. Doherty · ‎11-14-2016

Just wanted to elaborate/emphasis on a point made by Rick in answers 3 and 5.

The ARP table is used by IP hosts whne communicating with other IP hosts. As Rick explains in his answer 5, with a switch, the ARP table only comes into "play" when the management IP of the switch is communicating with other IP hosts; it has nothing to do with a switch forwarding traffic.

So to your OP question 3, "Lets say Switch A learns Mac address aaa.bbb.ccc of PC X at fa 0/1.", if the switch saw a frame on port f0/1, with a source MAC of aaa.bbb.ccc, it would load that into its MAC table, used for switching L2 frames, and not directly related to the switch's ARP table (although both may contain the same MAC value).

View solution in original post

Richard Burts · ‎11-14-2016

1) If a box with 10 dynamic ARP entries is rebooted then when the box comes on line again its ARP table would be empty. It would need to learn those 10 addresses again.

2) If you down an interface or remove its IP address then the ARP entries associated with that interface are removed. Remember that the purpose of the ARP table is to tell the device what interface it should use to access specified IP addresses. If the interface is down or if its IP is removed then the ARP entries associated with that interface are no longer valid (you can no longer use that interface to access those addresses) and so it is appropriate to remove those entries from the ARP table.

3) The logic goes like this:

- switch learns MAC of device on fa0/1 and creates an ARP entry.

- that ARP entry will remain in the ARP table until either A) the device learns that MAC on a different interface or B) the ARP entry times out (typically after 4 hours).

- the device is moved from fa0/1 to fa0/2. If the device sends out an ARP response on fa0/2 then the switch will immediately learn that the MAC is now on fa0/2 and will update the ARP table. Otherwise the original entry will continue in the ARP table until it expires. As the entry expires the switch will send an ARP request and will then learn that the device is now on fa0/2.

4) Having two devices with the same MAC address causes problems and manufacturers work hard to make sure that it not happen naturally. To have two devices with the same MAC you would need to make changes in one of the devices. But if you do make the changes then this is what happens.

A) the MAC table will flap. It sees a frame from the first device and the MAC table will have fa0/2. Then the switch sees a frame from the other device and the MAC table will be updated and will have fa0/3. When the switch sees another frame from the first device the MAC table is updated to fa0/2. And the MAC table gets updated to fa0/3 when it sees a frame from the other device. This process goes on and on and on.

B) assuming that the second device has a different IP address then the ARP table will have two entries. It has an entry for the IP in fa0/2 and an entry for the IP in fa0/3, and both entries will show the same MAC address.

5) a L2 switch does have an ARP table. You seem to associate the ARP table with layer 3 forwarding devices (routers and L3 switches). But any device that has an IP address will have an ARP table. Your PC has an ARP table. The L2 switch has an ARP table. The L2 switch does not use its ARP table for forwarding any traffic but does use the ARP table for any packet originated from its management interface.

HTH

Rick

HTH

Rick

Joseph W. Doherty · ‎11-14-2016

Just wanted to elaborate/emphasis on a point made by Rick in answers 3 and 5.

The ARP table is used by IP hosts whne communicating with other IP hosts. As Rick explains in his answer 5, with a switch, the ARP table only comes into "play" when the management IP of the switch is communicating with other IP hosts; it has nothing to do with a switch forwarding traffic.

So to your OP question 3, "Lets say Switch A learns Mac address aaa.bbb.ccc of PC X at fa 0/1.", if the switch saw a frame on port f0/1, with a source MAC of aaa.bbb.ccc, it would load that into its MAC table, used for switching L2 frames, and not directly related to the switch's ARP table (although both may contain the same MAC value).

lohit prasad · ‎11-16-2016

One more Doubt Rick & Joseph,

If I reboot a router by doing wr mem then

ARP table with 10 entries will also go like switch for router ?

MAC table of 100 entries will also go ?

If ARP entry is taken out after reboot then how about MAC table ? does it work same function like erase all mac if we reboot with wr mem ?

But I donot see it for routing table, if I do wr mem and reboot then L3 switch and router recreates routing table entry.

lohit prasad · ‎11-16-2016

Experts,

I just chekced ARP table and Mac table of L3 switch 3750 and there were some dynamic entries and did wr mem and rebooted.

I did not send traffic but Arp and mac table learnt back how come ?

lohit prasad · ‎11-16-2016

1 1c6a.7a07.01d1 DYNAMIC Gi1/0/1

194 1c6a.7a07.01d1 DYNAMIC Gi1/0/1

294 1c6a.7a07.01d1 DYNAMIC Gi1/0/1

394 1c6a.7a07.01d1 DYNAMIC Gi1/0/1

How switch can enter same MAC multiple times for one interface ?

Richard Burts · ‎11-16-2016

It is not common but it is quite possible for a switch to have the same MAC address associated with multiple interfaces. It may be helpful to remember that a MAC address needs to be unique within its own broadcast domain (VLAN). But not necessarily unique over multiple VLANs. I am guessing that Gi1/0/1 is a trunk port and that on the switch to which it connects there are multiple vlans and some device (perhaps some VM with multiple NIC) is using the same MAC address on each of its interfaces.

HTH

Rick

HTH

Rick

lohit prasad · ‎11-20-2016

tx Rick.

Richard Burts · ‎11-16-2016

You have mentioned several things and here are my comments and explanations.

First comment is that you have mentioned doing wr mem. While it is always good to write mem before reload there is no change about behavior of mac address table or arp table or routing table whether or not wr mem was done.

1) Routing Table. (I take this one first because it is easy). Behavior of router and switch are exactly the same. At reboot the routing table is initialized in an empty state. After the boot process completes valid static routes are inserted into the routing table. Then any configured dynamic routing protocols are initialized and begin to run. As the dynamic routing protocols learn new routes they are inserted into the routing table. In general this happens pretty quickly, so that by the time you are able to login and to look at the routing table it will have most of its entries in place.

2) ARP table. The behavior of router and switch are the same. At reboot the arp table is initialized in an empty state. The router or switch begin to listen for arp responses and as it receives arp responses it rebuild the arp table. Note that when the router or switch rebooted it probably caused loss of link on the interface of the connected hosts. When the reboot completes link comes back up on the interface of the connected hosts. When interface link comes back up most hosts will send an ARP response announcing their presence. This is done as part of checking for duplicated IP address (if you send an arp response with your IP and some other device has the same IP the duplicate will be detected) In general this happens pretty quickly, so that by the time you are able to login and to look at the arp table it will have most of its entries in place.

Note that this process does not need the router or switch to send anything. It is just listening to frames that it receives.

3) MAC address table. This only applies to switches and not to routers. At reboot the mac address table is initialized in an empty state. As the switch begins to process it listens to arriving frames on each of its ports. As a frame is received the switch looks at the source mac address and uses this to build the entry in the mac address table. In general this happens pretty quickly, so that by the time you are able to login and to look at the mac address table it will have most of its entries in place.

Note that this process does not need the switch to send anything. It is just listening to frames that it receives.

HTH

Rick

HTH

Rick

lohit prasad · ‎11-16-2016

Thanks Rick.

Basic L2 doubt