[c-nsp] ARP requests

aaron1 at gvtc.com aaron1 at gvtc.com
Mon Aug 31 21:05:03 EDT 2020


Looks like you should've not used the $

show ip route | include 0/1$

this would've shown routes using any subints on g0/1

show ip route | include 0/1

-aaron


-----Original Message-----
From: cisco-nsp <cisco-nsp-bounces at puck.nether.net> On Behalf Of Eugene Grosbein
Sent: Wednesday, August 19, 2020 12:05 PM
To: Gert Doering <gert at greenie.muc.de>
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] ARP requests

19.08.2020 23:21, Gert Doering wrote:

> On Wed, Aug 19, 2020 at 10:03:29PM +0700, Eugene Grosbein wrote:
>> I have not such routes: the command "show ip route | include 0/1$" shows nothing.
>> The interface Gi0/1 does not have any IP configuration itself, only its sub-interfaces have.
> 
> Do you have a subinterface with no "encaps dot1q ..." configured?  
> That would be "untagged" then.

Thanks, I did not think about it. There were some left-over subinterfaces in
the configuration with empty settings at all (and without encapsulation) and
I've just removed all such interfaces.
Still, ARP requests continue to come.

> Otherwise, ask the router - "debug arp" - and for each ARP request you 
> see it issue, check the routing whether it points directly to an 
> interface.

Well, I have packet capture in my analyzer and I see all the details there,
like this:

# tcpdump -s0 -en -i $incoming ether dst ff:ff:ff:ff:ff:ff and ether src 00:26:99:28:e6:1a
23:59:06.629164 00:26:99:28:e6:1a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.19.0.19 tell 10.19.0.254, length 46

At the router:
#show ip route 10.19.0.19
Routing entry for 10.19.0.0/24
  Known via "connected", distance 0, metric 0 (connected, via interface)
  Redistributing via eigrp 200
  Advertised by eigrp 200
  Routing Descriptor Blocks:
  * directly connected, via GigabitEthernet0/1.10
      Route metric is 0, traffic share count is 1

#show run int GigabitEthernet0/1.10
Building configuration...

Current configuration : 260 bytes
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip address 10.19.1.254 255.255.255.0 secondary
 ip address 10.19.0.254 255.255.255.0
end

(interface description and ip access-groups not shown)

> (And never believe what switches say about tagging vs. not)

I've saved capture to PCAP file and verified it with Wireshark, no tags.
Still cannot understand why no tags.

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
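
Added example, not part of the original thread: a way to check from raw frame bytes whether an ARP request carries an 802.1Q tag, which is the question the capture above is used to answer. The function names and the two sample frames are constructed here from the addresses shown in the tcpdump line; VLAN 10 is taken from the "encapsulation dot1Q 10" line.

```python
import socket
import struct

ETH_ARP, ETH_DOT1Q = 0x0806, 0x8100

def parse_arp_frame(frame: bytes):
    """Return ARP fields plus the 802.1Q VLAN id (None if untagged); None if not ARP."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    offset, vlan = 14, None
    if ethertype == ETH_DOT1Q:            # tagged: TCI and the real ethertype follow
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18   # low 12 bits of the TCI are the VLAN id
    if ethertype != ETH_ARP:
        return None
    if len(frame) < offset + 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[offset:offset + 28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None                       # not IPv4-over-Ethernet ARP
    return {
        "vlan": vlan,
        "src_mac": src.hex(":"),
        "broadcast": dst == b"\xff" * 6,
        "op": {1: "request", 2: "reply"}.get(oper, oper),
        "tell": socket.inet_ntoa(spa),
        "who_has": socket.inet_ntoa(tpa),
    }

def build_arp_request(src_mac, tell, who_has, vlan=None):
    """Build a sample ARP request padded to 60 bytes (constructed test data)."""
    mac = bytes.fromhex(src_mac.replace(":", ""))
    tag = struct.pack("!HH", ETH_DOT1Q, vlan) if vlan is not None else b""
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, mac,
                      socket.inet_aton(tell), b"\x00" * 6, socket.inet_aton(who_has))
    frame = b"\xff" * 6 + mac + tag + struct.pack("!H", ETH_ARP) + arp
    return frame.ljust(60, b"\x00")

# Constructed frames: what the capture shows, and what Gi0/1.10 would be expected to send.
UNTAGGED = build_arp_request("00:26:99:28:e6:1a", "10.19.0.254", "10.19.0.19")
TAGGED = build_arp_request("00:26:99:28:e6:1a", "10.19.0.254", "10.19.0.19", vlan=10)

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("tagged", TAGGED)):
        print(name, parse_arp_frame(frame))
```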