What you may be seeing is a feature called 'proxy arp'. I'm not 100% sure of hte origins of it, but I know that in the real world it masks netmask/gateway problems on the clients. How? Well the switch sees an ARP request for something, and if it has a valid route to it, it sends out a proxy arp reply, with it's MAC instead. This allows the misconfigured client to send the packet as Layer2 to the switch, which can then route the packet. So if the client has a bad netmask or gateway, it will be ARPing for hosts that are not local, and the switch will 'fix' it. In practice I turn it off on all my boxes, because all it REALLY does for us is mask client issues, and fills up the ARP tables :) Ken
________________________________ From: [email protected] on behalf of marc abel Sent: Wed 3/2/2011 7:46 PM To: [email protected] Subject: [OSL | CCIE_RS] Arp Watch Flip Flops I hope you don't mind me asking a real world question here, I think the content is plenty relevant to the studies at hand. I have ARP watch running on my network and I am regularly seeing a flip flop occur from one of the hosts in a fairly new VLAN. Two 4506's have an interface in this VLAN with HSRP running between them. The host IP keeps flipping between the MAC of the laptop, and the MAC of the standby switch. This doesn't happen rapidly, but maybe a few times a day. To me this implies that the secondary switch is occasionally answering ARP query's for the host's IP address. Can anyone give an explanation or a theory of why the switch would do that? Thank you, Marc _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
