This topic is to discuss the following lesson:
Great lesson, however I have a questions if you please clarify.
How do I change the ARP table timeout so it matches the aging time of the MAC address table.?
How can we make one vlan as gateway if we have multiple vlans on the distribution switch connects to different closets on the floors? For example we have
vlan 2 - serves second floor and it is on our distribution
ip address 192.168.2.1/24
vlan3- serves 3rd floor
inter vlan 3
ip address 192.168.3.1/24
In the closet 2 floor access layer switch has an ip address of 192.168.2.5 with default gateway of 192.168.2.1.
Same topology is applied for other floors.
You can use the “ip arp timeout” command on the switch to change it.
For each VLAN you will need a gateway but you will have to consider which device(s) you use as the gateway. Like in my example, by using two different switches like this we got this issue. If I would use one switch as the gateway for both VLANs then I wouldn’t have this problem.
Great lesson rene, is it really advisable to have the ARP Timeout = Aging time of Mac address?
Thanks. It depends on your design, if it is similar to my example then yes that would be a good idea.
thanks. what if i only have 1 multilayer switch? then it is not needed to have the ARP timeout equals to the aging of mac? if its true then, is there a disadvantage if i make the ARP timeout = to aging of mac with a 1 multilayer switch only?
With only switch then this will not occur. There’s no (dis)advantage of changing the ARP timeout.
I wonder why default ARP timer is CISCO is 240 minutes, when it is 1 minute in Linux!!! In the mixed environment, this is a huge discrepancy for the devices. What exactly are prons/cons of 1 min (windows store max for 10 minutes) vs 240 minutes except what already been recommended earlier for MAC aging = ARP aging.
I agree 240 minutes is a long time, especially compared to the Linux/Windows defaults. The only downside of short ARP aging would be that you get more ARP requests which is broadcasted. If you have large broadcast domains and many devices, that could be something to think about. Otherwise it shouldn’t hurt…
Hi, i lost you at this part
SW2 will put the IP packet from host 2 in an Ethernet frame that has its own MAC address as the source. It will then be forwarded to SW1. The problem here is that SW1 will never learn the MAC address of host 2.
When H1 actually replies with icmp reply packets, wouldn’t the switches learn of H1’s mac address in their vlan/trunk ?
I can understand the initial broadcast to get H1 to reply, but what i dont understand is why this problem persists for the entire 1000 frames.
Do the switches (mac-address-table) only get updated with ARP packets or do they do so for all sort of frames ?
Switches will learn source MAC addresses from any Ethernet frame. The problem here, is that SW2 is unable to learn H1’s MAC address and SW1 is unable to learn H2’s MAC address.
When H1 replies with an ICMP reply, it will send it to SW1 (its default gateway) in VLAN 10.
SW1 receives it in VLAN 10, routes it and decides to forward it to VLAN 20. It builds a new Ethernet frame with its own MAC address as the source.
That’s the key to this problem…SW2 will never learn the source MAC address of H1 since SW1 inserts its own MAC address as the source. It never sees the MAC address of H1. The only time it was able to learn it was the first ARP, since that is a broadcast frame…
Does that make sense?
thanks i understand now.
Because of the ARP’s entry in each switch, ARP request/broadcast is not used.
During the routing part, the source mac address will be replaced with the vlan’s l3 interface, while the dest mac will be followed with ARP request.
However, since the mac in ARP request is not in the mac-address table is not found, it is replaced with broadcast instead.
is this understanding correct ?
Can the same situation occur with HSRP if one switch is designated for vlan 20 and the other for vlan 10 ?
You suggest “Change your network design. Use a single router or multilayer switch as the default gateway for all VLANs.”
I think the problem is that you have 2 SVIs for each VLAN not that they are on a different switch.
If the SVI for VLAN 10 was on one switch and VLAN 20 on the other but only one SVI per vlan I think we do not get this problem. Right ?
This situation could also occur with HSRP yes. Cisco has a good example for this:
Having only one SVI per switch would solve the problem but it’s not the underlying problem here It’s fine to have multiple SVI interfaces on your switches, if you use one switch as the default gateway for both VLANs then you wouldn’t have this problem.
I have some question. What if H1 ping to H4 vlan 10(same subnet?) ,will SW2 learn MAC from H1?
Thank in advance
If H1 and H4 are on the same subnet, then no routing will take place. That means that the frame that goes through SW1 and SW2 will have the same source MAC (H1’s MAC) and destination MAC (H4’s MAC) in the frame throughout the whole transmission. So, yes SW2 will learn the MAC address from H1. Actually, both switches will learn both MAC addresses.
I hope this has been helpful!
Thank you for your support, Lazaros Agapides
I think there is a mistake here
When SW1 routes traffic from VLAN 10 to <strong>VLAN 10</strong>, it will use an Ethernet frame that has its own MAC address as the source. As a result, SW2 will never learn the MAC address of host1. When SW2 wants to send something to host 1, it will flood the packets on all interfaces in VLAN 10:
You mean Vlan 20 ?
That is a typo yes, just fixed it. Thanks!
This is very informative. I had heard that it’s best to match your ARP cache timeout to your aging timers but never knew why until now.