Will a layer-2-only device forward gratuitous ARP? & different vlans?

jmaxwellUSAF · ‎02-22-2023

Hello.

ASA-5525<===> Nexus 9300 <===> Load-Balancer

1. If ASA-5525 high-availability setup sends a gratuitous APR to layer-2 Nexus port, will Nexus forward this packet out the interface connected to the load balancer?
--

2. If ASA-5525 HA setup is connected to Nexus on Vlan 10, BUT Loadbalancer is on Vlan 20, will Nexus forward gratuitous ARP to load balancer?

Thank you.

MHM Cisco World · ‎02-22-2023

G-ARP is L2/L3 what that meaning ?
if the nexus have L2 connect to load balance then G-ARP will flood from NSK to Load
if not then the G-ARP will not flood

jmaxwellUSAF · ‎02-23-2023

Yesterday we had a major network failure because devices downstream of the Nexus9300 failed to get the gratuitous arp from a ASA 5525 firewall failover event. (Possibly the stale arp entry remained for some other reason).

Why could this have occurred?

MHM Cisco World · ‎02-23-2023

Are you config ASA HA active/standby ?
Are you config NSK as vPC ?
show failover <<- check the status in both ASA I think you have split brain ?

jmaxwellUSAF · ‎02-23-2023

Hi MHM. May you please answer the below questions?

I have migrated the rest of this thread to...

HA ASA-5525 pair failed to send gratuitous ARPs during failover. Why? - Cisco Community

What is nsk?

What would be the result of "split brain"?