Re: vlan and arp cache



This problem usually happens when you are running HSRP. You are running
HSRP on Routers A and B for multiple VLANs. Router A is the default
gateway for the client, so A will receive traffic from the client. Each
time a packet is received from client, the CAM table is updated. If Router
B is the default gateway for the server (or the next hop router to the VLAN
the client is on), then B will always receive traffic for the replies to the
client. Now on router B, if the client's MAC address is not in the ARP
table, B will ARP the client. When the client responds, both the ARP and
the CAM table are updated. After the CAM table times out, the ARP entry is
still there so B will know the MAC of the client, but the MAC will not exist
in the CAM table. Router B will then flood the packet because at layer 2,
this is an unknown MAC address.

The reason setting the ARP cache timeout and the CAM timeout to the same
value fixes this problem is because when the CAM table entry expires, so does
the ARP entry. The router will then ARP the client and both tables get
refreshed. The key to this problem is that both the ARP and CAM table
timeout values are reset only when a packet is received from the client, not
when one is sent to it.

It is a Cisco recommended practice to always set the ARP and CAM timeouts to
the same value when running HSRP in order to prevent this problem. There
is debate as to whether you should lower the ARP timeout or raise the CAM
timeout. I always lower the ARP timeout to match the CAM timeout, which is
300 seconds.

"Gabriele Guasco" <gabriele.guasco@xxxxxxxxx> wrote in message
news:9f6a615c-8ffe-4c77-acd0-c37ea1fefa38@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi,
I have a problem very similar to the one described in "problem with
vlan + arp" posted on this newsgroup in Sept, 2009, but I can't
understand the answer, so I kindly ask your help:
let's consider the scenario described in that post: if the ARP timeout
in the router is lower than the MAC address timeout in the MAC
forwarding table in the switch, there should be no problem because the
router will ARP the dest_IP_addr and the switch will just refresh the
MAC forwarding table when the destination host replies to the ARP,
right??
But (here is what I probably didn't understand) in my opinion, if the
ARP timeout in the router is higher than the MAC address timeout in the
switch, the router will send a unicast frame (because it knows the
correct dest_mac_address) and the switch will forward that frame on
every port except the source port of the frame (as far as I know,
switches do this when they don't know where a MAC address is). If this
is correct, there should be no ping timeout in either the first or
the second scenario, so I can't imagine a scenario in which this
"timeout mismatch" could be a problem... but in my network I have the
same problem and I solve it by clearing the ARP cache on the router :-).
Would someone please clarify for me when the timeout mismatch can cause a
problem? Thank you very much for reading.
Gabriele
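The timer interaction explained at the top of this thread, as an added simulation (not from either poster, and not modelling any particular Cisco implementation): router B's ARP cache and the switch's CAM table are refreshed only by frames the client sends, which in the asymmetric HSRP path happens only when B ARPs the client. The router, switch, timer values and MAC/IP addresses are all constructed for illustration; the 300 s CAM and 14400 s ARP values mirror the defaults the reply mentions and the common Cisco ARP default respectively.

```python
"""Simulate ARP-cache vs CAM-table aging on the return path of an HSRP pair.

Added example. Router B only ever sends to the client (replies from the server),
so the only client frame the switch and B see is the client's ARP reply. Every
other frame ages the CAM entry without refreshing it.
"""
from dataclasses import dataclass, field


@dataclass
class Switch:
    cam_timeout: int
    cam: dict = field(default_factory=dict)  # mac -> (port, last_seen)

    def learn(self, mac, port, now):
        """Source-MAC learning: only frames *from* the host refresh the entry."""
        self.cam[mac] = (port, now)

    def forward(self, dst_mac, now):
        """Return 'unicast' for a fresh CAM entry, 'flood' for an aged/unknown one."""
        entry = self.cam.get(dst_mac)
        if entry is None or now - entry[1] >= self.cam_timeout:
            self.cam.pop(dst_mac, None)  # aged out: unknown unicast
            return "flood"
        return "unicast"


@dataclass
class Router:
    arp_timeout: int
    arp: dict = field(default_factory=dict)  # ip -> (mac, learned_at)

    def resolve(self, ip, now, switch, host_port, mac_of):
        """Return (mac, sent_arp). A missing or expired entry triggers an ARP
        request; the host's reply refreshes the ARP cache and, because the reply
        is a frame from the host, the switch's CAM table too."""
        entry = self.arp.get(ip)
        if entry is None or now - entry[1] >= self.arp_timeout:
            mac = mac_of[ip]                 # hypothetical host answering the ARP
            self.arp[ip] = (mac, now)
            switch.learn(mac, host_port, now)
            return mac, True
        return entry[0], False


def simulate(arp_timeout, cam_timeout, duration, interval=10):
    """Router B sends one reply frame to the client every `interval` seconds for
    `duration` seconds. Returns how many of those frames the switch flooded and
    how many ARP requests B had to send."""
    sw = Router  # placeholder to keep names obvious below
    sw = Switch(cam_timeout)
    router_b = Router(arp_timeout)
    client_ip, client_mac, client_port = "10.0.0.10", "aa:bb:cc:00:00:01", 3  # constructed
    mac_of = {client_ip: client_mac}
    flooded = arps = 0
    for now in range(0, duration, interval):
        mac, sent_arp = router_b.resolve(client_ip, now, sw, client_port, mac_of)
        arps += sent_arp
        if sw.forward(mac, now) == "flood":
            flooded += 1
    return {"flooded_frames": flooded, "arp_requests": arps}


if __name__ == "__main__":
    one_hour = 3600
    print("ARP 14400 / CAM 300:", simulate(14400, 300, one_hour))  # floods after 300 s
    print("ARP 300   / CAM 300:", simulate(300, 300, one_hour))    # re-ARP refreshes both
    print("ARP 200   / CAM 300:", simulate(200, 300, one_hour))    # ARP shorter: also fine
```

The mismatched case shows every reply frame after the first 300 seconds leaving the switch as unknown-unicast flooding, while the ARP cache still holds the client's MAC for hours; matching the timers (or making ARP the shorter one, the case Gabriele reasons about) makes B re-ARP before the CAM entry can age out, so the switch keeps a fresh entry and floods nothing.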

