Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9875
Views
24
Helpful
10
Replies

"arp timeout" configuration under 2960 switch/l2 interface

Difan Zhao
Level 5
Level 5

‎07-04-2015 02:20 PM - edited ‎03-08-2019 12:50 AM

Hi experts,

I can't believe that I am asking this question. I found this config on a customer switch. Apparently it was put on for a reason. What does it do exactly? I can't even find it in the command reference guide.. Thanks!

interface FastEthernet0/2
 switchport trunk native vlan 190
 switchport mode trunk
 arp timeout 60

!

#show int fa0/2
FastEthernet0/2 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 3cdf.1e52.d402 (bia 3cdf.1e52.d402)
  Description: 
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 15/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is 10/100BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 00:01:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 680000 bits/sec, 481 packets/sec
  5 minute output rate 6151000 bits/sec, 634 packets/sec
     342890980 packets input, 90038919858 bytes, 0 no buffer
     Received 1235772 broadcasts (777870 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 777870 multicast, 0 pause input
     0 input packets with dribble condition detected
     459782618 packets output, 546960117700 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

 

 

Labels:
0 Helpful
10 Replies 10

Richard Burts
Hall of Fame
Hall of Fame

‎07-04-2015 02:47 PM

What it does is to change the timeout for entries in the ARP table. The usual default value for ARP entries in IOS is 4 hours. This command changes the arp timeout to one minute (60 seconds).

 

There is an issue that sometimes comes up based on the fact that a MAC address will be maintained in the ARP table to 4 hours but times out in the switch forwarding table much more quickly. So sometimes we want to make the arp timeout closer to the mac address table timeout. But usually we do this on the layer 3 device that is forwarding to the switch. Finding it on a layer 2 interface of a 2960 switch is pretty unusual.

 

HTH

 

Rick

HTH

Rick
0 Helpful

Difan Zhao
Level 5
Level 5
In response to Richard Burts

‎07-04-2015 02:57 PM

Hi Richard,

I understand your comment. However the 2960 switch does not have or need an ARP entry. The uplink router does. The 2960 only needs it in the MAC address table, which will timeout every 300 seconds, and as you said, a lot shorter. So does this config actually do anything? Will it holds the MAC addresses on the port to 60 seconds instead of 300?

Thanks!

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Difan Zhao

‎07-04-2015 03:04 PM

I disagree with you about whether the 2960 has an arp table or needs an arp table. In fact the 2960 does need the arp table if it has a management interface IP address configured.

 

I do agree with you that the arp table on the 2960 is not very significant. But it does exist. And the command did change the arp timeout as indicated in the line of output that you highlighted

 ARP type: ARPA, ARP Timeout 00:01:00

That arp timeout would normally be 4:00:00 instead of 0:01:00.

 

HTH

 

Rick

HTH

Rick

Difan Zhao
Level 5
Level 5
In response to Richard Burts

‎07-04-2015 03:13 PM

However even it does have an ARP entry, it would be on the Vlan interface, not on Layer 2 FE interface, no?

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Difan Zhao

‎07-06-2015 06:04 AM

The original question was about what does this command do and I answered that. Your follow up questions all seem to be focused on whether it makes good sense for this command to be configured on this interface. I do not know enough about the environment and the complete configuration of the device to be able to say whether it makes good sense to have this command on this interface.

 

I will offer the observation that in IOS it is possible to configure things that do not really do much and do not seem to make good sense and this is quite possibly one of those situations.

 

HTH

 

Rick

HTH

Rick

sarahr202
Level 5
Level 5
In response to Difan Zhao

‎12-29-2015 04:03 PM

If the management IP is set on int vlan, then arp entry will point towards vlan.

Just to give you an example:

Below I assign an IP address 1.1.1.1 so I can manage this device remotely. I chose default vlan though I could use any vlan for MGMT.

SW#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 1.1.1.1 - cc01.1b18.0000 ARPA Vlan1

Thanks,

jimmycher
Level 1
Level 1
In response to Richard Burts

‎12-29-2015 10:34 AM

Richard,  are you saying that the switch only needs an arp table for management IP address?  

If I do a show arp on my switch, it lists device A.

 If I ping device-B, then do a show arp, device-B now shows up in my arp table (both type ARPA).  

ARP is a simple concept, but I still get very confused how the server/router/switch uses them in practice.  

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to jimmycher

‎12-29-2015 11:17 AM

Yes I am saying that for a layer 2 switch it needs an ARP table only for its management traffic.

I appreciate that the use of the ARP table can be confusing, especially while in the early stages of learning about networking. Let me try to explain it this way and I hope it will help you with your understanding. When we talk about servers, and switches, and routers we can talk about forwarding at layer 2 and about forwarding at layer 3. For servers and for routers it is usually pretty straightforward since both servers and routers are mostly forwarding at layer 3 with little or no forwarding at layer 2. Forwarding at layer 3 needs an ARP table and servers and routers do maintain their ARP table.

So where it gets more complicated is when we talk about switches. When a switch is doing layer 2 forwarding it needs its mac address table but would not need an ARP table. When the switch is forwarding at layer 3 it would need an ARP table. So we can see that if a switch is a layer 3 switch and has ip routing enabled then it is forwarding at layer 3 and will need an ARP table.

So what about a layer 2 switch? Most of what it does is layer 2 forwarding and for that it does not need an ARP table. But what about traffic from its management interface? Its management interface is a layer 3 interface (processing IP) and traffic from the management interface is forwarded at layer 3 and would need an ARP table.

HTH

Rick

HTH

Rick

jimmycher
Level 1
Level 1
In response to Richard Burts

‎12-29-2015 01:32 PM

You are a valuable asset to our community, thanks.  

So I guess when I ping from the switch to a host, it is Layer 3, and therefore populates the arp table in the switch.  

Normal traffic, from an outside host through the switch, would be L2 only, and not need an ARP entry.  Is that correct?

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to jimmycher

‎12-29-2015 01:54 PM

Thank you for the kind words, and thank you for the rating.

Yes you got it quite right. If the switch does the ping then it is sending the layer 3 packet and needs an ARP table entry. But if something outside the switch originates the packet then the switch is just doing layer 2 forwarding and does not need an ARP table entry.

HTH

Rick

HTH

Rick
Customers Also Viewed These Support Documents