Re: [nsp] Catalyst arp table

From: Andrey Koklin (aka@veco.ru)
Date: Wed May 22 2002 - 04:55:29 EDT


[sorry, looks, there was a problem with posting of my previous reply]

>> Is there a way with Catalysts 2900XL/3500XL to maintain IP ARP table?
>>
>> I find it almost empty, "show arp" displays only several service
>> records, like IP address of DNS server, and seems quite useless.
>> I need it for my statistics/diagnostics software. Partially, I can get
>> such information from router, but it looks as indirect and incomplete
>> method.

On Tue, 21 May 2002 10:42:11 -0400
"Todd, Douglas M." <DTODD@PARTNERS.ORG> wrote:

> The only way is if the Cat is a l3 capable like the 2948L3 or the 3548L3.

> Otherwise this is strictly a L2 device.

Yes. But interesting, that Catalysts 1900/2820, while being L2 devices
too, maintain such IP ARP table, even if it seemingly unnecessary for
their L2 switching.

Could it be, that in elder modeles this feature was disabled to prevent
ARP storm atacks?

> Out of curiosity. Why would you want to maintain
> an L3 arp table in an L2 device?

Just to get and process this information. And to get it as close, as
possible to the source. I was bewildered by the fact of presence of
such information in the earlier models of Catalysts, so I'd thought
there should exist a way to get it for 2900XL/3500XL series too.

On Tue, 21 May 2002 11:01:15 -0400
"Chris Davis" <chris.davis@computerjobs.com> wrote:

> The switch ARP table is only going to show you IPs in use on the
> management vlan for the switch.

> What you probably want from the switch is the mac table. show mac.

> Join the mac table from the switch with the arp table from your router to
> associate the mac addresses from your switch with the IP addresses on your
> network.

On Tue, 21 May 2002 15:31:03 +0100 (GMT Daylight Time)
"Ryan O'Connell" <ryan-nsp@complicity.co.uk> wrote:

> No, the Catalysts will only ARP for devices they need to communicate with
> via IP. They will not maintain an ARP table for all devices on the network
> they are switching traffic for. The best way to get the information you're
> afteris information is by polling your router ARP tables.

Yes, thank you both. It's exactly the way I go now -- using mac tables from
switches, together with router's arp table. Acceptable in main, but still
covers only inter-network/vlan traffic, while some events fall unnoticed.

In fact, I see a way (of kamikadze ;-) to force the switches to supply
such information: to turn on "debug arp" option, together with
"logging host" facility, and to process arp/rarp events myself there.
Not difficult to do, but the method looks suspicious.

-- 
Regards, Andrey.



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:44 EDT