On 06/23/2010 07:34 PM, Drew Weaver wrote:
The actual machine for:
Internet 10.1.164.42 146 0030.48bf.3230 ARPA Vlan643
Was down at the time (like completely down...) and I wouldn't have
expected to even see this in the sh ip arp vlan 643 output at all,
Well, from your data above, the arp entry age is only 146 seconds; by
default the ARP entry will live for hours. They're not tied to the MAC
table entry at all.
but since it did show up in there I am wondering why it didn't show
up in the mac-address-table and more importantly is there a way to
You say the host was down; is it directly attached to this switch? If
so, the MAC table for its port would be cleared on link-down.
Other than link-down events, the only other thing I can think of that
clears MAC table entries are STP TCNs (clearing the entries on the ports
concerned).
If none of those happened then you're right, there should be a MAC table
entry, with an ARP entry only 146 seconds old (146 < 300)
query the 'arp table' for just vlan 643 via SNMP that anyone is aware
ipNetToMedia is indexed by ifIndex.ip.ip.ip.ip, so you just need to know
the ifIndex for vlan 643s routed portion; easiest way to find that is to:
ifindex=`snmpget -O qv router
CISCO-VLAN-IFTABLE-RELATIONSHIP-MIB::cviRoutedVlanIfIndex.$vlan.1`
...then:
snmpwalk ipNetToMediaPhysAddress.$ifindex
of? I also noticed this same thing occurs sometimes when Windows
firewall is enabled on Windows 2008 machines. I have to disable the
firewall and ping the machine before it will show up in those SNMP
.1.3.6.1.2.1.17.4.3.1.1 even though the host is actually up and
running.
Well, on IOS ARP entries live for much longer (4 hours?) than MAC table
entries (300 seconds) by default, so the MAC entry will expire after 5
minutes of inactivity. When you ping a host, the MAC is still resolvable
via the ARP table, but it will be flooded out of all ports as an
"unknown unicast". Or 4 hours down the line, as the ARP entry expires,
it'll broadcast and ARP request.
As a previous poster has said; monitoring MAC tables (and ARP tables,
really) needs to be done by taking continuous snapshots and logging them
to a database. Netdisco is a good (free, open source) choice for this.
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
