ARP and Layer 3 Switch

[Aaron12345]

So in work I have noticed the ARP table on my machine only updates connected to the machines on the same switch as my machine.

 

On the 2nd switch over and 3rd the ARP table doesn't show any information.

 

Anyone know why this maybe?

 

All switches are lv3

[scottyseng]

Do you have a network diagram?

 

Is it like this:

PCs -> Switch 1 -> Switch 2 -> Switch 3?

[Aaron12345]

49 minutes ago, scottyseng said:

Do you have a network diagram?

 

Is it like this:

PCs -> Switch 1 -> Switch 2 -> Switch 3?

Yes and let's say my pc connected to one and other machines connected to all 3

[Aaron12345]

Don't have a diagram ATM as not in work for a few weeks

[brwainer]

Do you have any layer 3 features enabled? A layer 3 switch that hasn’t been configured to do anything like routing shouldn’t actually affect the traffic.

[Aaron12345]

23 minutes ago, brwainer said:

Do you have any layer 3 features enabled? A layer 3 switch that hasn’t been configured to do anything like routing shouldn’t actually affect the traffic.

I would expect there default, I couldnt say exactly I'm new and just getting into it

[brwainer]

25 minutes ago, Aaron12345 said:

I would expect there default, I couldnt say exactly I'm new and just getting into it

Sounds like you need to get in and see how they are configured, both at layer 2 and layer 3.

[Aaron12345]

On 6/3/2019 at 3:15 PM, brwainer said:

Sounds like you need to get in and see how they are configured, both at layer 2 and layer 3.

Turns out Layer 3 switches out of the box run PROXY ARP (LAYER 3 PROTOCOL), more secure as you wont be able to MAC for devices connected to other switches.

 

This means that SW1 wont be able to see MAC addresses of end devices connected to SW2. As when SW1 sends it ARP Request for I.E 192.168.2.101 SW2 will reply with 192.168.2.101 and instead of the devices MAC it will add its own SW2 Int MAC.

 

Layer 3 switches have a MAC for each Int.

[brwainer]

3 hours ago, Aaron12345 said:

Turns out Layer 3 switches out of the box run PROXY ARP (LAYER 3 PROTOCOL), more secure as you wont be able to MAC for devices connected to other switches.

 

This means that SW1 wont be able to see MAC addresses of end devices connected to SW2. As when SW1 sends it ARP Request for I.E 192.168.2.101 SW2 will reply with 192.168.2.101 and instead of the devices MAC it will add its own SW2 Int MAC.

 

Layer 3 switches have a MAC for each Int.

I would not assume this is true for every brand - for example I know that none of the HP/Aruba switches perform this way by default, even the top end ones that are even capable of BGP. What model of switches are those?

 

EDIT: to confirm I looked up the documentation, for HP/Aruba, proxy ARP is disabled by default, and can be enabled on a per-VLAN basis.

[Aaron12345]

3 hours ago, brwainer said:

I would not assume this is true for every brand - for example I know that none of the HP/Aruba switches perform this way by default, even the top end ones that are even capable of BGP. What model of switches are those?

 

EDIT: to confirm I looked up the documentation, for HP/Aruba, proxy ARP is disabled by default, and can be enabled on a per-VLAN basis.

CISCO 9400

[brwainer]

3 hours ago, Aaron12345 said:

CISCO 9400

Good to know, thanks.