ARP question on Cisco switches

I have an ARP question. I have a Cisco C9200 that doesn’t seem to accept multiple IP addresses for a given hardware address. The host that it is ARP’ing is an OpenBSD gateway appliance (Citrix NetScaler) that has a primary IP address (NSIP) and three virtual IP addresses. All four IP addresses are on the same network. The host seems to gratuitously ARP the switch with its primary IP address and MAC address. So when the switch receives a packet destined for one of the virtual IP addresses, it ARPs for the address, and the host responds with the virtual IP address and the same MAC address as used for the primary IP address. The switch does not update its ARP table with the newly acquired IP address and MAC address, and so traffic that is routed by the switch from other networks never makes it to the host. I have tried ARP’ing the same host from a Cisco C9300 and it has no problem associating both primary and virtual IP addresses to the same hardware address. What might be the difference between the two switches? ARP inspection?

Hello Jason

According to the behaviour you are describing, it seems like there is some feature that is not allowing the ARP table to correctly update the entries.

So the switch does receive an ARP response with the correct IP and MAC address? And it simply ignores it and keeps the primary address in the ARP table? In order to determine why this is the case, I suggest you use some ARP debug commands to see exactly what the switch is doing with the received ARP messages. Take a look at this Cisco documentation for further debug commands:

Also, can you confirm with a Wireshark capture that the ARP messages being sent to the switch do indeed contain the virtual IP and the corresponding MAC? Since it works on the 9300 I assume these are correct, but just as a verification.

Let us know how your troubleshooting process proceeds…

I hope this has been helpful!

Laz
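
The capture check suggested in the reply above can also be scripted. The following is an added example, not part of the original posts: it decodes raw Ethernet frames, lists which sender IPs each MAC claims in ARP, and reports any ARP whose sender hardware address differs from the Ethernet source. The MAC addresses, the 192.0.2.x addresses and the `build` helper are constructed sample data.

```python
import socket
import struct
from collections import defaultdict

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Decode one Ethernet frame; return ARP fields, or None if not IPv4/Ethernet ARP."""
    off = 12
    if frame[off:off + 2] == b"\x81\x00":      # 802.1Q tag present (trunk capture)
        off += 4
    if len(frame) < off + 30 or frame[off:off + 2] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[off + 2:off + 10])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[off + 10:off + 30])
    return {"eth_src": _mac(frame[6:12]), "oper": oper,
            "sha": _mac(sha), "spa": socket.inet_ntoa(spa),
            "tpa": socket.inet_ntoa(tpa), "gratuitous": spa == tpa}

def summarize(frames):
    """Return ({sender MAC: set of IPs it claimed}, [ARPs whose SHA != Ethernet source])."""
    claimed, mismatched = defaultdict(set), []
    for frame in frames:
        arp = parse_arp(frame)
        if arp is None:
            continue
        claimed[arp["sha"]].add(arp["spa"])
        if arp["sha"] != arp["eth_src"]:
            mismatched.append(arp)
    return dict(claimed), mismatched

def build(dst, src, oper, sha, spa, tha, tpa):
    """Construct a sample ARP frame (test data only)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (raw(dst) + raw(src) + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
            + raw(sha) + socket.inet_aton(spa) + raw(tha) + socket.inet_aton(tpa))

# Constructed sample: host announces its primary IP, then answers the switch for a virtual IP.
HOST, SWITCH, BCAST, ZERO = "02:00:00:aa:bb:01", "02:00:00:cc:dd:01", "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"
SAMPLE = [
    build(BCAST, HOST, 1, HOST, "192.0.2.10", ZERO, "192.0.2.10"),      # gratuitous ARP
    build(BCAST, SWITCH, 1, SWITCH, "192.0.2.1", ZERO, "192.0.2.11"),   # switch asks for VIP
    build(SWITCH, HOST, 2, HOST, "192.0.2.11", SWITCH, "192.0.2.1"),    # reply, same MAC
]

if __name__ == "__main__":
    claimed, mismatched = summarize(SAMPLE)
    for mac, ips in claimed.items():
        print(mac, sorted(ips))
    print("SHA/Ethernet-source mismatches:", len(mismatched))
```

If the host MAC is listed with both the primary and the virtual IP and there are no mismatches, the replies on the wire are well-formed and the remaining question is what the switch does with them.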