Cisco ARP cache rewrites?
I know that the Cisco's default ARP entry expiration is 240 minutes, however how does the ARP table mechanism work when a different MAC address is seen using the same IP?
In other words, if I move an IP to another device and the MAC associated with it therefore changes, isn't the ARP table on a Cisco switch going to overwrite that original ARP table entry immediately with the new MAC to IP association?
Take for example computer A is using 172.17.1.20 with MAC aaaa.bbbb.cccc. I then decommission computer A and give its IP 172.17.1.20 to computer B which has a MAC of 1111.2222.3333. When the switch sees traffic from computer b using 1111.2222.3333 won't it automatically update its ARP table entry to reflect this changed MAC associated with IP 172.17.1.20?
switch mac-address arp ip-address layer3
edited Jan 23 at 20:56
Ron Maupin♦
66.6k1369123
asked Jan 23 at 16:05
Daveba123Daveba123
183
add a comment |
I know that the Cisco's default ARP entry expiration is 240 minutes, however how does the ARP table mechanism work when a different MAC address is seen using the same IP?
In other words, if I move an IP to another device and the MAC associated with it therefore changes, isn't the ARP table on a Cisco switch going to overwrite that original ARP table entry immediately with the new MAC to IP association?
Take for example computer A is using 172.17.1.20 with MAC aaaa.bbbb.cccc. I then decommission computer A and give its IP 172.17.1.20 to computer B which has a MAC of 1111.2222.3333. When the switch sees traffic from computer b using 1111.2222.3333 won't it automatically update its ARP table entry to reflect this changed MAC associated with IP 172.17.1.20?
switch mac-address arp ip-address layer3
edited Jan 23 at 20:56
Ron Maupin♦
66.6k1369123
asked Jan 23 at 16:05
Daveba123Daveba123
183
add a comment |
I know that the Cisco's default ARP entry expiration is 240 minutes, however how does the ARP table mechanism work when a different MAC address is seen using the same IP?
In other words, if I move an IP to another device and the MAC associated with it therefore changes, isn't the ARP table on a Cisco switch going to overwrite that original ARP table entry immediately with the new MAC to IP association?
Take for example computer A is using 172.17.1.20 with MAC aaaa.bbbb.cccc. I then decommission computer A and give its IP 172.17.1.20 to computer B which has a MAC of 1111.2222.3333. When the switch sees traffic from computer b using 1111.2222.3333 won't it automatically update its ARP table entry to reflect this changed MAC associated with IP 172.17.1.20?
switch mac-address arp ip-address layer3
edited Jan 23 at 20:56
Ron Maupin♦
66.6k1369123
asked Jan 23 at 16:05
Daveba123Daveba123
183
I know that the Cisco's default ARP entry expiration is 240 minutes, however how does the ARP table mechanism work when a different MAC address is seen using the same IP?
In other words, if I move an IP to another device and the MAC associated with it therefore changes, isn't the ARP table on a Cisco switch going to overwrite that original ARP table entry immediately with the new MAC to IP association?
Take for example computer A is using 172.17.1.20 with MAC aaaa.bbbb.cccc. I then decommission computer A and give its IP 172.17.1.20 to computer B which has a MAC of 1111.2222.3333. When the switch sees traffic from computer b using 1111.2222.3333 won't it automatically update its ARP table entry to reflect this changed MAC associated with IP 172.17.1.20?
switch mac-address arp ip-address layer3
switch mac-address arp ip-address layer3
edited Jan 23 at 20:56
Ron Maupin♦
66.6k1369123
asked Jan 23 at 16:05
Daveba123Daveba123
183
edited Jan 23 at 20:56
Ron Maupin♦
66.6k1369123
asked Jan 23 at 16:05
Daveba123Daveba123
183
edited Jan 23 at 20:56
Ron Maupin♦
66.6k1369123
edited Jan 23 at 20:56
Ron Maupin♦
66.6k1369123
edited Jan 23 at 20:56
Ron Maupin♦
66.6k1369123
66.6k1369123
asked Jan 23 at 16:05
Daveba123Daveba123
183
asked Jan 23 at 16:05
Daveba123Daveba123
183
asked Jan 23 at 16:05
Daveba123Daveba123
183
183
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
An ARP table entry in a host (routers are hosts, too) is created or updated when an ARP packet is seen. In your example where a host IPv4 address is changed, the router (or any other host on the network) will have no way to know that the address has changed until it sees an ARP packet from the changed host.
That can happen in a could happen in a couple of ways. The changed host could send a gratuitous ARP packet, or it could send an ARP request for another host. The router itself may have a packet for the new IPv4 address, and it would then send and ARP request for that address.
Remember that ARP table entries are indexed by the IPv4 address, not the MAC address, so there could be several entries with the same MAC address. That would certainly be the case for a host with multiple IPv4 addresses on the same interface (rare but not unheard of).
Switches update the MAC address table (not an ARP table) every time it sees a frame entering the switch. The switch MAC address table is indexed by MAC address, and any frame will update the MAC address table with the source MAC address. Switches do not care about the IPv4 address, so they do not have ARP tables relating the MAC address to the IPv4 address, so they do not care if an IPv4 address is changed on a device.
answered Jan 23 at 16:13
Ron Maupin♦Ron Maupin
66.6k1369123
Thank you, this is very helpful for my own clarification and of mac address tables and switches. In my scenario, the switch is layer 3 so its function is a router.
– Daveba123
Jan 23 at 17:29
Remember that a layer-3 switch is still a layer-2 switch, but there is a directly connected router module inside. The layer-2 will still not have an ARP table, only a MAC address table, while the routing module will have an ARP table.
– Ron Maupin♦
Jan 23 at 17:34
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "496"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f56329%2fcisco-arp-cache-rewrites%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
An ARP table entry in a host (routers are hosts, too) is created or updated when an ARP packet is seen. In your example where a host IPv4 address is changed, the router (or any other host on the network) will have no way to know that the address has changed until it sees an ARP packet from the changed host.
That can happen in a could happen in a couple of ways. The changed host could send a gratuitous ARP packet, or it could send an ARP request for another host. The router itself may have a packet for the new IPv4 address, and it would then send and ARP request for that address.
Remember that ARP table entries are indexed by the IPv4 address, not the MAC address, so there could be several entries with the same MAC address. That would certainly be the case for a host with multiple IPv4 addresses on the same interface (rare but not unheard of).
Switches update the MAC address table (not an ARP table) every time it sees a frame entering the switch. The switch MAC address table is indexed by MAC address, and any frame will update the MAC address table with the source MAC address. Switches do not care about the IPv4 address, so they do not have ARP tables relating the MAC address to the IPv4 address, so they do not care if an IPv4 address is changed on a device.
answered Jan 23 at 16:13
Ron Maupin♦Ron Maupin
66.6k1369123
Thank you, this is very helpful for my own clarification and of mac address tables and switches. In my scenario, the switch is layer 3 so its function is a router.
– Daveba123
Jan 23 at 17:29
Remember that a layer-3 switch is still a layer-2 switch, but there is a directly connected router module inside. The layer-2 will still not have an ARP table, only a MAC address table, while the routing module will have an ARP table.
– Ron Maupin♦
Jan 23 at 17:34
add a comment |
An ARP table entry in a host (routers are hosts, too) is created or updated when an ARP packet is seen. In your example where a host IPv4 address is changed, the router (or any other host on the network) will have no way to know that the address has changed until it sees an ARP packet from the changed host.
That can happen in a could happen in a couple of ways. The changed host could send a gratuitous ARP packet, or it could send an ARP request for another host. The router itself may have a packet for the new IPv4 address, and it would then send and ARP request for that address.
Remember that ARP table entries are indexed by the IPv4 address, not the MAC address, so there could be several entries with the same MAC address. That would certainly be the case for a host with multiple IPv4 addresses on the same interface (rare but not unheard of).
Switches update the MAC address table (not an ARP table) every time it sees a frame entering the switch. The switch MAC address table is indexed by MAC address, and any frame will update the MAC address table with the source MAC address. Switches do not care about the IPv4 address, so they do not have ARP tables relating the MAC address to the IPv4 address, so they do not care if an IPv4 address is changed on a device.
answered Jan 23 at 16:13
Ron Maupin♦Ron Maupin
66.6k1369123
Thank you, this is very helpful for my own clarification and of mac address tables and switches. In my scenario, the switch is layer 3 so its function is a router.
– Daveba123
Jan 23 at 17:29
Remember that a layer-3 switch is still a layer-2 switch, but there is a directly connected router module inside. The layer-2 will still not have an ARP table, only a MAC address table, while the routing module will have an ARP table.
– Ron Maupin♦
Jan 23 at 17:34
add a comment |
An ARP table entry in a host (routers are hosts, too) is created or updated when an ARP packet is seen. In your example where a host IPv4 address is changed, the router (or any other host on the network) will have no way to know that the address has changed until it sees an ARP packet from the changed host.
That can happen in a could happen in a couple of ways. The changed host could send a gratuitous ARP packet, or it could send an ARP request for another host. The router itself may have a packet for the new IPv4 address, and it would then send and ARP request for that address.
Remember that ARP table entries are indexed by the IPv4 address, not the MAC address, so there could be several entries with the same MAC address. That would certainly be the case for a host with multiple IPv4 addresses on the same interface (rare but not unheard of).
Switches update the MAC address table (not an ARP table) every time it sees a frame entering the switch. The switch MAC address table is indexed by MAC address, and any frame will update the MAC address table with the source MAC address. Switches do not care about the IPv4 address, so they do not have ARP tables relating the MAC address to the IPv4 address, so they do not care if an IPv4 address is changed on a device.
answered Jan 23 at 16:13
Ron Maupin♦Ron Maupin
66.6k1369123
An ARP table entry in a host (routers are hosts, too) is created or updated when an ARP packet is seen. In your example where a host IPv4 address is changed, the router (or any other host on the network) will have no way to know that the address has changed until it sees an ARP packet from the changed host.
That can happen in a could happen in a couple of ways. The changed host could send a gratuitous ARP packet, or it could send an ARP request for another host. The router itself may have a packet for the new IPv4 address, and it would then send and ARP request for that address.
Remember that ARP table entries are indexed by the IPv4 address, not the MAC address, so there could be several entries with the same MAC address. That would certainly be the case for a host with multiple IPv4 addresses on the same interface (rare but not unheard of).
Switches update the MAC address table (not an ARP table) every time it sees a frame entering the switch. The switch MAC address table is indexed by MAC address, and any frame will update the MAC address table with the source MAC address. Switches do not care about the IPv4 address, so they do not have ARP tables relating the MAC address to the IPv4 address, so they do not care if an IPv4 address is changed on a device.
answered Jan 23 at 16:13
Ron Maupin♦Ron Maupin
66.6k1369123
answered Jan 23 at 16:13
Ron Maupin♦Ron Maupin
66.6k1369123
answered Jan 23 at 16:13
Ron Maupin♦Ron Maupin
66.6k1369123
answered Jan 23 at 16:13
Ron Maupin♦Ron Maupin
66.6k1369123
66.6k1369123
Thank you, this is very helpful for my own clarification and of mac address tables and switches. In my scenario, the switch is layer 3 so its function is a router.
– Daveba123
Jan 23 at 17:29
Remember that a layer-3 switch is still a layer-2 switch, but there is a directly connected router module inside. The layer-2 will still not have an ARP table, only a MAC address table, while the routing module will have an ARP table.
– Ron Maupin♦
Jan 23 at 17:34
add a comment |
Thank you, this is very helpful for my own clarification and of mac address tables and switches. In my scenario, the switch is layer 3 so its function is a router.
– Daveba123
Jan 23 at 17:29
Remember that a layer-3 switch is still a layer-2 switch, but there is a directly connected router module inside. The layer-2 will still not have an ARP table, only a MAC address table, while the routing module will have an ARP table.
– Ron Maupin♦
Jan 23 at 17:34
Thank you, this is very helpful for my own clarification and of mac address tables and switches. In my scenario, the switch is layer 3 so its function is a router.
– Daveba123
Jan 23 at 17:29
Thank you, this is very helpful for my own clarification and of mac address tables and switches. In my scenario, the switch is layer 3 so its function is a router.
– Daveba123
Jan 23 at 17:29
Remember that a layer-3 switch is still a layer-2 switch, but there is a directly connected router module inside. The layer-2 will still not have an ARP table, only a MAC address table, while the routing module will have an ARP table.
– Ron Maupin♦
Jan 23 at 17:34
Remember that a layer-3 switch is still a layer-2 switch, but there is a directly connected router module inside. The layer-2 will still not have an ARP table, only a MAC address table, while the routing module will have an ARP table.
– Ron Maupin♦
Jan 23 at 17:34
add a comment |
Thanks for contributing an answer to Network Engineering Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f56329%2fcisco-arp-cache-rewrites%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
