Florescu
asked on
sho arp doesn't show mac-address and sho mac-address doesn't show the interface where ip is located
I have 3 Cisco 3750 switches that are connected via trunk links to each other. When I do:
ping 172.31.6.11
sho arp
on 1 of my switches it doesn't even show the ip and the coresponding mac-address. This particular host is physically plugged into port 10 on that switch.
on the 2nd or 3rd switch switches it shows the mac-address and it's the same mac-address for a lot of different ip addresses, meaning that these ips are located on a different switch. I follow it up the chain and then when I get to the 1st switch and I try to do a "sho mac-address-table", it shows that it's going out of interface 1/0/1 which goes out to another location across town.
Here's my config for that 1st switch where this host is located:
Current configuration : 8085 bytes
!
! Last configuration change at 15:07:48 PDT Tue Oct 9 2007 by admin
! NVRAM config last updated at 15:10:07 PDT Wed Sep 19 2007 by admin
!
version 12.2
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname 1st3750
!
enable password 7 094D4C0A0D
!
username damiens privilege 15 password 7 070833494B071E0C161C1F
username admin privilege 15 secret 5 $1$/6HF$Gm0.fqpPuvmoiM3tDo Duh1
no aaa new-model
clock timezone PST -8
clock summer-time PDT recurring
switch 1 provision ws-c3750g-24ts
vtp domain TEST
vtp mode transparent
ip subnet-zero
ip cef load-sharing algorithm universal CB41AB75
ip domain-name dcipa.com
ip name-server 172.16.x.x
ip name-server 172.16.x.x
!
!
mls qos
!
crypto pki trustpoint TP-self-signed-3281851776
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certifi cate-32818 51776
revocation-check none
rsakeypair TP-self-signed-3281851776
no file verify auto
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 99
name voice
!
vlan 100
name IT
!
vlan 120
name TEST
!
vlan 121
name ABC-Servers
!
vlan 300
name management
!
interface GigabitEthernet1/0/1
description to HMP
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/2
switchport access vlan 100
switchport voice vlan 99
spanning-tree portfast
!
interface GigabitEthernet1/0/3
switchport access vlan 100
switchport voice vlan 99
spanning-tree portfast
!
interface GigabitEthernet1/0/4
switchport access vlan 100
switchport voice vlan 99
spanning-tree portfast
!
interface GigabitEthernet1/0/5
switchport access vlan 100
switchport voice vlan 99
spanning-tree portfast
!
etc, etc......
interface GigabitEthernet1/0/22
switchport access vlan 100
switchport voice vlan 99
spanning-tree portfast
!
interface GigabitEthernet1/0/23
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/24
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan300
ip address 172.30.x.x 255.255.255.0
no ip route-cache
!
ip default-gateway 172.30.x.x
ip classless
ip http server
no ip http secure-server
!
snmp-server community abct RW
snmp-server community public RO
!
control-plane
ping 172.31.6.11
sho arp
on 1 of my switches it doesn't even show the ip and the coresponding mac-address. This particular host is physically plugged into port 10 on that switch.
on the 2nd or 3rd switch switches it shows the mac-address and it's the same mac-address for a lot of different ip addresses, meaning that these ips are located on a different switch. I follow it up the chain and then when I get to the 1st switch and I try to do a "sho mac-address-table", it shows that it's going out of interface 1/0/1 which goes out to another location across town.
Here's my config for that 1st switch where this host is located:
Current configuration : 8085 bytes
!
! Last configuration change at 15:07:48 PDT Tue Oct 9 2007 by admin
! NVRAM config last updated at 15:10:07 PDT Wed Sep 19 2007 by admin
!
version 12.2
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname 1st3750
!
enable password 7 094D4C0A0D
!
username damiens privilege 15 password 7 070833494B071E0C161C1F
username admin privilege 15 secret 5 $1$/6HF$Gm0.fqpPuvmoiM3tDo
no aaa new-model
clock timezone PST -8
clock summer-time PDT recurring
switch 1 provision ws-c3750g-24ts
vtp domain TEST
vtp mode transparent
ip subnet-zero
ip cef load-sharing algorithm universal CB41AB75
ip domain-name dcipa.com
ip name-server 172.16.x.x
ip name-server 172.16.x.x
!
!
mls qos
!
crypto pki trustpoint TP-self-signed-3281851776
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certifi
revocation-check none
rsakeypair TP-self-signed-3281851776
no file verify auto
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 99
name voice
!
vlan 100
name IT
!
vlan 120
name TEST
!
vlan 121
name ABC-Servers
!
vlan 300
name management
!
interface GigabitEthernet1/0/1
description to HMP
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/2
switchport access vlan 100
switchport voice vlan 99
spanning-tree portfast
!
interface GigabitEthernet1/0/3
switchport access vlan 100
switchport voice vlan 99
spanning-tree portfast
!
interface GigabitEthernet1/0/4
switchport access vlan 100
switchport voice vlan 99
spanning-tree portfast
!
interface GigabitEthernet1/0/5
switchport access vlan 100
switchport voice vlan 99
spanning-tree portfast
!
etc, etc......
interface GigabitEthernet1/0/22
switchport access vlan 100
switchport voice vlan 99
spanning-tree portfast
!
interface GigabitEthernet1/0/23
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/24
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan300
ip address 172.30.x.x 255.255.255.0
no ip route-cache
!
ip default-gateway 172.30.x.x
ip classless
ip http server
no ip http secure-server
!
snmp-server community abct RW
snmp-server community public RO
!
control-plane
ASKER
I understand that but I have a bunch of different VLANs on the switch. If I'm trying to see the ARP table for all the IPs in all the different VLANs, how should I proceed?
You will ONLY have entries for devices on IP networks that you are part of.
If you were to do this on a multilayer switch then you could generate traffic to the directly connected networks and see the ARP cache fill.
If you were to do this on a multilayer switch then you could generate traffic to the directly connected networks and see the ARP cache fill.
ASKER
I figured it out. I have to do a sho arp on the device that does the routing between the VLANs. Then I was able to get the mac-address and follow that thru the switches to see what port it was on.
Yeah. That's what I meant. Multilayer switch, router, layer 3 switch, etc.
ASKER
Not to beat a dead horse but when I go to my Cisco 6513 (multi layer switch) and I try to ping a different address in a different vlan/subnet and then do a
sho arp | include 172.16.0.30
it doesn't show anything.
If I do:
sho arp | include 172.31.6.11
it shows the mac address and the vlan.
The IP 172.16.0.30 is physically connected to one of the ports on the 6513. The IP 172.31.6.11 is not physically connected to the 6513.
sho arp | include 172.16.0.30
it doesn't show anything.
If I do:
sho arp | include 172.31.6.11
it shows the mac address and the vlan.
The IP 172.16.0.30 is physically connected to one of the ports on the 6513. The IP 172.31.6.11 is not physically connected to the 6513.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
>interface Vlan300
> ip address 172.30.x.x 255.255.255.0
If I understand your issue correctly, you won't see an ARP entry for the IP address 172.31.6.11 if the source IP address is 172.30.x.x. They're on different networks.
BTW, there's no need to hide your IP addresses if they're private. Your password hash is something you would want to hide though.