I have a couple of 6509's with Sup1/MSFC1 cards that have a "feature" (I
can't get TAC to agree that it is a bug) which causes this type of
problem.

If you have an MLS entry built for a host and the MAC address associated
with that host's IP address (ARP entry) changes, the MSFC will see this
(via the gratuitous ARP) but the change will not be propagated down to
the MLS cache on the L2 side.  (hence the bug in my opinion)  The L2
cache will not change even though the L3 side knows of the new address;
I think there should be better communication between the two engines but
perhaps I'm way over-simplifying things.

If you perform a global "clear arp" on the MSFC this does flush the
entire MLS cache on the L2 side so this will "fix" the problem but it is
a bit like performing brain surgery with a sledge hammer.  You can
perform a selective clearing at the L2 prompt by issuing the following:

clear mls entry ip destination x.x.x.x

By default, an MLS entry will age-out pretty quickly if there is no
traffic going to the destination (two minutes I think); unfortunately,
the HPOV guy has his box pinging everything he can find (and I do mean
"everything" but that's a story for another time) on a two-minute
interval and being a Windows shop we never see our entries age-out
because of no traffic (the "short aging time").  

Every MLS entry will be cleared (regardless of traffic) after the "long
aging time."  Somewhere between CatOS version 5.4.2 and 5.5.7 this timer
was changed from 900 seconds to 1920 seconds (15 minutes to 32 minutes)
and there isn't an option to modify this (unless you run your switches
in Native IOS mode).

The good news is that Cisco radically changed how MLS works with the
Sup2's and this is no longer a problem.  The PFC uses CEF so when the
router's ARP cache changes, the appropriate CEF tables are updated and
MLS keeps humming along.

So, you might want to ask Sprint how their 6509 is configured and see if
it matches the above scenario that I laid out.  As a work-around, you
can spoof the MAC address of your new router to match that of the old
router.

Hope this helps,

Ben
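
Added example, not part of the original messages and not Cisco code: it parses a frame laid out like the gratuitous ARP decode quoted in this thread and tracks the last MAC seen for each sender IP, so a gratuitous ARP that moves 172.16.10.1 to a different MAC is reported as a change. The replacement router's MAC and the names build_garp, parse_arp and BindingWatch are assumptions made for the illustration.

```python
import struct

BROADCAST = b"\xff" * 6

def fmt_mac(b): return ":".join(f"{x:02X}" for x in b)
def fmt_ip(b): return ".".join(str(x) for x in b)

def build_garp(mac: bytes, ip: bytes) -> bytes:
    """Constructed sample frame laid out like the decode quoted in this thread."""
    eth = BROADCAST + mac + struct.pack("!H", 0x0806)   # dst, src, EtherType ARP
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)     # Ethernet, IP, 6, 4, reply
    return eth + arp + mac + ip + BROADCAST + ip        # sender IP == target IP

def parse_arp(frame: bytes):
    """Parse an untagged Ethernet/IPv4 ARP frame; return None for anything else."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, tpa = frame[22:28], frame[28:32], frame[38:42]
    return {"op": op, "sha": fmt_mac(sha), "spa": fmt_ip(spa),
            "tpa": fmt_ip(tpa), "gratuitous": spa == tpa}

class BindingWatch:
    """Remember the last MAC seen for each sender IP and report changes."""
    def __init__(self):
        self.table = {}

    def observe(self, frame: bytes):
        arp = parse_arp(frame)
        if arp is None or arp["spa"] == "0.0.0.0":   # skip non-ARP and ARP probes
            return None
        old = self.table.get(arp["spa"])
        self.table[arp["spa"]] = arp["sha"]
        if old is None:
            return ("new", arp["spa"], None, arp["sha"])
        if old != arp["sha"]:
            return ("changed", arp["spa"], old, arp["sha"])
        return ("same", arp["spa"], old, arp["sha"])

ROUTER_IP = bytes([172, 16, 10, 1])
OLD_MAC = bytes.fromhex("00000C3F00D4")   # source MAC from the decode in this thread
NEW_MAC = bytes.fromhex("00000CAABBCC")   # constructed MAC for the replacement router

if __name__ == "__main__":
    watch = BindingWatch()
    for mac in (OLD_MAC, OLD_MAC, NEW_MAC):
        print(watch.observe(build_garp(mac, ROUTER_IP)))
```

A "changed" event for a gateway address is the same signal a tool such as arpwatch reports: it marks either a planned hardware swap or a binding change worth investigating.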





-----Original Message-----
From: [EMAIL PROTECTED] [mailto:nobody@;groupstudy.com] 
Sent: Friday, November 01, 2002 1:42 PM
To: [EMAIL PROTECTED]
Subject: RE: Forrest Gump-like arp(?) question [7:56680]

A Cisco router broadcasts a gratuitous ARP response announcing to the
world its IP address when it boots. See this example:

Ethernet Header
  Destination:          FF:FF:FF:FF:FF:FF  Ethernet Broadcast
  Source:               00:00:0C:3F:00:D4
  Protocol Type:        0x0806  IP ARP
ARP - Address Resolution Protocol
  Hardware:             1  Ethernet (10Mb)
  Protocol:             0x0800  IP
  Hardware Address Length:6
  Protocol Address Length:4
  Operation:            2  ARP Response
  Sender Hardware Address:00:00:0C:3F:00:D4
  Sender Internet Address:172.16.10.1
  Target Hardware Address:FF:FF:FF:FF:FF:FF  Ethernet Broadcast
  Target Internet Address:172.16.10.1

Is your router not doing that for some reason? You could do some
sniffing to see whether it does it. The gratuitous ARP should put the
right ARP data into the 6509's ARP cache.

So, I'm wondering if the ARP cache is the real problem. 

When you had the new router installed, what did "show int ethernet"
display? Was it up/up?

Can you send us some of your config for some more clues??

_______________________________

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

Mark Smith wrote:
> 
> Unfortunately I don't have access to the 6509 or it would be a
> done deal. My stuff's at a Sprint co-lo facility and getting
> thru to a live tech across the country at Sprint is next to
> impossible. The 6509 is theirs and is what I connect to on
> their network to get out to the world. I was just looking for a
> way to force their equipment to clear or refresh its arp cache.
> Thanks.
> 
> Quoting Priscilla Oppenheimer :
> 
> > Can't you just do a "clear arp" on the 6509? That's a commonly-used
> > IOS command. I would assume it works on the 6509. Or should I say
> > ass-u-me it works. :-)
> > 
> > Priscilla
> > 
> > Mark Smith wrote:
> > > 
> > > I need to replace a router in a cabinet at the facility where
> > > my hosted servers and equipment is. My equipment is "talking"
> > > to the hosting facility's network via a port on a 6509 switch.
> > > I replaced my router and then nothing from my network could
> > > connect to the outside world. I waited about 2 minutes (during
> > > which time my entire site's down and my bosses get VERY
> > > nervous) and I never was able to connect from inside and my
> > > tester on the outside was never able to get in to me. I finally
> > > put router #1 back in and all was well again. I've scoured the
> > > configuration and #2's is identical with #1 so I don't believe
> > > that is the problem. I'm ass-u-me-ing that the reason for this
> > > is the 6509 port's ARP cache is looking for the MAC address of
> > > router #1 and it ain't there anymore. Would this ass-u-me-ption
> > > be correct or is it possibly something else I'm not
> > > thinking/aware of? If it is an ARP issue, is there a way that I
> > > can remotely force the 6509 port to reset/clear/refresh its
> > > ARP cache? I'm at a Sprint facility and I'd sooner get a live
> > > body (that's not a first level phone answerer anyway) to talk
> > > to me when I'm calling Mars than trying to get one at Sprint.
> > > 
> > > Any ideas/thoughts/chastisements on missing the obvious here?
> > > As much as I'd like to work with Cisco gear full time, it's
> > > only a very small part of my current job and, consequently, due
> > > to my lack of familiarity with what you guys do all day every
> > > day, it's very likely that I'm missing something that all in
> > > the world except me know about.
> > > Thanks for any help or ideas.
> > > 
> > > Mark
> > [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56715&t=56680