Cisco ARP cache rewrites?
I know that the Cisco's default ARP entry expiration is 240 minutes, however how does the ARP table mechanism work when a different MAC address is seen using the same IP?
In other words, if I move an IP to another device and the MAC associated with it therefore changes, isn't the ARP table on a Cisco switch going to overwrite that original ARP table entry immediately with the new MAC to IP association?
Take for example computer A is using 172.17.1.20 with MAC aaaa.bbbb.cccc. I then decommission computer A and give its IP 172.17.1.20 to computer B which has a MAC of 1111.2222.3333. When the switch sees traffic from computer b using 1111.2222.3333 won't it automatically update its ARP table entry to reflect this changed MAC associated with IP 172.17.1.20?
switch arp
asked 4 hours ago
Daveba123Daveba123
183
New contributor
Daveba123 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
I know that the Cisco's default ARP entry expiration is 240 minutes, however how does the ARP table mechanism work when a different MAC address is seen using the same IP?
In other words, if I move an IP to another device and the MAC associated with it therefore changes, isn't the ARP table on a Cisco switch going to overwrite that original ARP table entry immediately with the new MAC to IP association?
Take for example computer A is using 172.17.1.20 with MAC aaaa.bbbb.cccc. I then decommission computer A and give its IP 172.17.1.20 to computer B which has a MAC of 1111.2222.3333. When the switch sees traffic from computer b using 1111.2222.3333 won't it automatically update its ARP table entry to reflect this changed MAC associated with IP 172.17.1.20?
switch arp
asked 4 hours ago
Daveba123Daveba123
183
New contributor
Daveba123 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
I know that the Cisco's default ARP entry expiration is 240 minutes, however how does the ARP table mechanism work when a different MAC address is seen using the same IP?
In other words, if I move an IP to another device and the MAC associated with it therefore changes, isn't the ARP table on a Cisco switch going to overwrite that original ARP table entry immediately with the new MAC to IP association?
Take for example computer A is using 172.17.1.20 with MAC aaaa.bbbb.cccc. I then decommission computer A and give its IP 172.17.1.20 to computer B which has a MAC of 1111.2222.3333. When the switch sees traffic from computer b using 1111.2222.3333 won't it automatically update its ARP table entry to reflect this changed MAC associated with IP 172.17.1.20?
switch arp
asked 4 hours ago
Daveba123Daveba123
183
New contributor
Daveba123 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
I know that the Cisco's default ARP entry expiration is 240 minutes, however how does the ARP table mechanism work when a different MAC address is seen using the same IP?
In other words, if I move an IP to another device and the MAC associated with it therefore changes, isn't the ARP table on a Cisco switch going to overwrite that original ARP table entry immediately with the new MAC to IP association?
Take for example computer A is using 172.17.1.20 with MAC aaaa.bbbb.cccc. I then decommission computer A and give its IP 172.17.1.20 to computer B which has a MAC of 1111.2222.3333. When the switch sees traffic from computer b using 1111.2222.3333 won't it automatically update its ARP table entry to reflect this changed MAC associated with IP 172.17.1.20?
switch arp
switch arp
asked 4 hours ago
Daveba123Daveba123
183
New contributor
Daveba123 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 4 hours ago
Daveba123Daveba123
183
New contributor
Daveba123 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 4 hours ago
Daveba123Daveba123
183
New contributor
Daveba123 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 4 hours ago
Daveba123Daveba123
183
asked 4 hours ago
Daveba123Daveba123
183
183
New contributor
Daveba123 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Daveba123 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Daveba123 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
An ARP table entry in a host (routers are hosts, too) is created or updated when an ARP packet is seen. In your example where a host IPv4 address is changed, the router (or any other host on the network) will have no way to know that the address has changed until it sees an ARP packet from the changed host.
That can happen in a could happen in a couple of ways. The changed host could send a gratuitous ARP packet, or it could send an ARP request for another host. The router itself may have a packet for the new IPv4 address, and it would then send and ARP request for that address.
Remember that ARP table entries are indexed by the IPv4 address, not the MAC address, so there could be several entries with the same MAC address. That would certainly be the case for a host with multiple IPv4 addresses on the same interface (rare but not unheard of).
Switches update the MAC address table (not an ARP table) every time it sees a frame entering the switch. The switch MAC address table is indexed by MAC address, and any frame will update the MAC address table with the source MAC address. Switches do not care about the IPv4 address, so they do not have ARP tables relating the MAC address to the IPv4 address, so they do not care if an IPv4 address is changed on a device.
answered 4 hours ago
Ron Maupin♦Ron Maupin
63.8k1367120
Thank you, this is very helpful for my own clarification and of mac address tables and switches. In my scenario, the switch is layer 3 so its function is a router.
– Daveba123
2 hours ago
Remember that a layer-3 switch is still a layer-2 switch, but there is a directly connected router module inside. The layer-2 will still not have an ARP table, only a MAC address table, while the routing module will have an ARP table. Also, if the answer helped you, you should accept so that the question doesn't keep popping up forever, looking for an answer.
– Ron Maupin♦
2 hours ago
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "496"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Daveba123 is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f56329%2fcisco-arp-cache-rewrites%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
An ARP table entry in a host (routers are hosts, too) is created or updated when an ARP packet is seen. In your example where a host IPv4 address is changed, the router (or any other host on the network) will have no way to know that the address has changed until it sees an ARP packet from the changed host.
That can happen in a could happen in a couple of ways. The changed host could send a gratuitous ARP packet, or it could send an ARP request for another host. The router itself may have a packet for the new IPv4 address, and it would then send and ARP request for that address.
Remember that ARP table entries are indexed by the IPv4 address, not the MAC address, so there could be several entries with the same MAC address. That would certainly be the case for a host with multiple IPv4 addresses on the same interface (rare but not unheard of).
Switches update the MAC address table (not an ARP table) every time it sees a frame entering the switch. The switch MAC address table is indexed by MAC address, and any frame will update the MAC address table with the source MAC address. Switches do not care about the IPv4 address, so they do not have ARP tables relating the MAC address to the IPv4 address, so they do not care if an IPv4 address is changed on a device.
answered 4 hours ago
Ron Maupin♦Ron Maupin
63.8k1367120
Thank you, this is very helpful for my own clarification and of mac address tables and switches. In my scenario, the switch is layer 3 so its function is a router.
– Daveba123
2 hours ago
Remember that a layer-3 switch is still a layer-2 switch, but there is a directly connected router module inside. The layer-2 will still not have an ARP table, only a MAC address table, while the routing module will have an ARP table. Also, if the answer helped you, you should accept so that the question doesn't keep popping up forever, looking for an answer.
– Ron Maupin♦
2 hours ago
add a comment |
An ARP table entry in a host (routers are hosts, too) is created or updated when an ARP packet is seen. In your example where a host IPv4 address is changed, the router (or any other host on the network) will have no way to know that the address has changed until it sees an ARP packet from the changed host.
That can happen in a could happen in a couple of ways. The changed host could send a gratuitous ARP packet, or it could send an ARP request for another host. The router itself may have a packet for the new IPv4 address, and it would then send and ARP request for that address.
Remember that ARP table entries are indexed by the IPv4 address, not the MAC address, so there could be several entries with the same MAC address. That would certainly be the case for a host with multiple IPv4 addresses on the same interface (rare but not unheard of).
Switches update the MAC address table (not an ARP table) every time it sees a frame entering the switch. The switch MAC address table is indexed by MAC address, and any frame will update the MAC address table with the source MAC address. Switches do not care about the IPv4 address, so they do not have ARP tables relating the MAC address to the IPv4 address, so they do not care if an IPv4 address is changed on a device.
answered 4 hours ago
Ron Maupin♦Ron Maupin
63.8k1367120
Thank you, this is very helpful for my own clarification and of mac address tables and switches. In my scenario, the switch is layer 3 so its function is a router.
– Daveba123
2 hours ago
Remember that a layer-3 switch is still a layer-2 switch, but there is a directly connected router module inside. The layer-2 will still not have an ARP table, only a MAC address table, while the routing module will have an ARP table. Also, if the answer helped you, you should accept so that the question doesn't keep popping up forever, looking for an answer.
– Ron Maupin♦
2 hours ago
add a comment |
An ARP table entry in a host (routers are hosts, too) is created or updated when an ARP packet is seen. In your example where a host IPv4 address is changed, the router (or any other host on the network) will have no way to know that the address has changed until it sees an ARP packet from the changed host.
That can happen in a could happen in a couple of ways. The changed host could send a gratuitous ARP packet, or it could send an ARP request for another host. The router itself may have a packet for the new IPv4 address, and it would then send and ARP request for that address.
Remember that ARP table entries are indexed by the IPv4 address, not the MAC address, so there could be several entries with the same MAC address. That would certainly be the case for a host with multiple IPv4 addresses on the same interface (rare but not unheard of).
Switches update the MAC address table (not an ARP table) every time it sees a frame entering the switch. The switch MAC address table is indexed by MAC address, and any frame will update the MAC address table with the source MAC address. Switches do not care about the IPv4 address, so they do not have ARP tables relating the MAC address to the IPv4 address, so they do not care if an IPv4 address is changed on a device.
answered 4 hours ago
Ron Maupin♦Ron Maupin
63.8k1367120
An ARP table entry in a host (routers are hosts, too) is created or updated when an ARP packet is seen. In your example where a host IPv4 address is changed, the router (or any other host on the network) will have no way to know that the address has changed until it sees an ARP packet from the changed host.
That can happen in a could happen in a couple of ways. The changed host could send a gratuitous ARP packet, or it could send an ARP request for another host. The router itself may have a packet for the new IPv4 address, and it would then send and ARP request for that address.
Remember that ARP table entries are indexed by the IPv4 address, not the MAC address, so there could be several entries with the same MAC address. That would certainly be the case for a host with multiple IPv4 addresses on the same interface (rare but not unheard of).
Switches update the MAC address table (not an ARP table) every time it sees a frame entering the switch. The switch MAC address table is indexed by MAC address, and any frame will update the MAC address table with the source MAC address. Switches do not care about the IPv4 address, so they do not have ARP tables relating the MAC address to the IPv4 address, so they do not care if an IPv4 address is changed on a device.
answered 4 hours ago
Ron Maupin♦Ron Maupin
63.8k1367120
answered 4 hours ago
Ron Maupin♦Ron Maupin
63.8k1367120
answered 4 hours ago
Ron Maupin♦Ron Maupin
63.8k1367120
answered 4 hours ago
Ron Maupin♦Ron Maupin
63.8k1367120
63.8k1367120
Thank you, this is very helpful for my own clarification and of mac address tables and switches. In my scenario, the switch is layer 3 so its function is a router.
– Daveba123
2 hours ago
Remember that a layer-3 switch is still a layer-2 switch, but there is a directly connected router module inside. The layer-2 will still not have an ARP table, only a MAC address table, while the routing module will have an ARP table. Also, if the answer helped you, you should accept so that the question doesn't keep popping up forever, looking for an answer.
– Ron Maupin♦
2 hours ago
add a comment |
Thank you, this is very helpful for my own clarification and of mac address tables and switches. In my scenario, the switch is layer 3 so its function is a router.
– Daveba123
2 hours ago
Remember that a layer-3 switch is still a layer-2 switch, but there is a directly connected router module inside. The layer-2 will still not have an ARP table, only a MAC address table, while the routing module will have an ARP table. Also, if the answer helped you, you should accept so that the question doesn't keep popping up forever, looking for an answer.
– Ron Maupin♦
2 hours ago
Thank you, this is very helpful for my own clarification and of mac address tables and switches. In my scenario, the switch is layer 3 so its function is a router.
– Daveba123
2 hours ago
Thank you, this is very helpful for my own clarification and of mac address tables and switches. In my scenario, the switch is layer 3 so its function is a router.
– Daveba123
2 hours ago
Remember that a layer-3 switch is still a layer-2 switch, but there is a directly connected router module inside. The layer-2 will still not have an ARP table, only a MAC address table, while the routing module will have an ARP table. Also, if the answer helped you, you should accept so that the question doesn't keep popping up forever, looking for an answer.
– Ron Maupin♦
2 hours ago
Remember that a layer-3 switch is still a layer-2 switch, but there is a directly connected router module inside. The layer-2 will still not have an ARP table, only a MAC address table, while the routing module will have an ARP table. Also, if the answer helped you, you should accept so that the question doesn't keep popping up forever, looking for an answer.
– Ron Maupin♦
2 hours ago
add a comment |
Daveba123 is a new contributor. Be nice, and check out our Code of Conduct.
Daveba123 is a new contributor. Be nice, and check out our Code of Conduct.
Daveba123 is a new contributor. Be nice, and check out our Code of Conduct.
Daveba123 is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Network Engineering Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f56329%2fcisco-arp-cache-rewrites%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
