Gratuitous ARP and Basics of Connecting a Cisco IOS Switch with a Cisco CatOS Switch


Cisco Catalyst C4003

Cisco Catalyst C4003

Some of you may have an old Cisco Catalyst switch laying around that you may want to put to use. CatOS is the old Cisco operating system for Catalyst switches that predates IOS; it can still be found on some of the old Catalyst switches which are now End of Life (EOL). In this lab I connect a Cisco Catalyst 3548-XL (Model WS-C3548-XL-EN) [IOS 12.0(5)WC13] with a Cisco Catalyst 4003 chassis (Model WS-C4003) [CatOS 5.5(20)] to demonstrate basic configuration and switching between the two. Gratuitous ARP is also discussed and demonstrated in this lab. The setup is as shown in the below lab diagram.

Lab Setup - Catalyst 3548-XL (IOS) and Catalyst 4003 (CatOS)

Lab Setup - Catalyst 3548-XL (IOS) and Catalyst 4003 (CatOS)


In the above lab setup, I simply erased the configs on both switches to put them at factory default; so, by default, all ports on both switches are in VLAN 1. Interestingly, the Catalyst 3548-XL comes back up after the reload with all ports on by default and part of the default VLAN, VLAN 1; however, the Catalyst 4003 has all ports off by default and part of the default VLAN, VLAN 1.


Catalyst 3548-XL – Start with default config

- enable
- config t
- delete vlan.dat
- erase startup-config
- reload


Catalyst 4003 – Start with default config

- enable
- clear config


Another interesting thing to note in switches running CatOS is that when users enter the commands in enable mode, the configuration is saved in NVRAM automatically. In IOS, users must use the “write memory” command or the “copy running-config startup-config” command to save the configuration. This is why we were able to simply reset the configuration on the Catalyst 4003 be using the “clear config” command. The command reset the system and module configuration.


It is important to note that the command does not clear the boot variables, such as ‘config-register’ and boot system settings. You can see these settings with the “show boot [module #] command”. If desired, you can alter the boot variable settings with the “set boot” command. Also, if the switch has any router cards, the “clear config all” command does not clear the Cisco IOS configuration on the router cards.


A “Supervisor Engine” is a module that is installed in the Cisco Catalyst chassis switches or routers. The “Supervisor Engine” contains pretty much the same components of a pizza-box Cisco switch or router. There are different types of “Supervisor Engines” which vary in features/functionality. Supervisor Engine I is only deployed with Cisco Catalyst 4003 switches which is what I have in this case. Supervisor Engine II is deployed in the Cisco Catalyst 4006, 4503, and 4506 switches for entry-level, and only Layer 2 switching with Cisco CatOS.


Supervisor I and Supervisor II only supports CatOS. In order to have Layer 3 functionality in these switches, you can install Catalyst 4000 Layer 3 Services Module (WS-X4232-L3).

Cisco WS-X4012 (Supervisor Engine I) - deployed in the Cisco Catalyst 4003 switch only

Cisco WS-X4012 (Supervisor Engine I) - deployed in the Cisco Catalyst 4003 switch only


To clear the configuration on router cards (WS-X4232-L3 modules on the 4000 switches, Route Switch Modules [RSMs]/Route Switch Feature Cards [RSFCs] on the 5500/5000 switches, or the Multilayer Switch Modules [MSMs]/Multilayer Switch Feature Cards [MSFCs] on the 6500/6000 switches), you can access the router card with the “session” command. Then if IOS is employed, simply delete the config and reload. Don’t forget to delete the “vlan.dat” file – on 6500/6000 switches, use the “erase const_nvram:” command; on the 4500/4000 switches, use the “erase cat4000_flash:” command; finally, on the fixed configuration switches, use the “delete flash:vlan.dat” command.


In this lab, I am using a Catalyst 4003 with Supervisor Engine I and do not have any such routing modules, so erasing the configuration is pretty simple as shown above. I’m only using the WS-X4232-GB-RJ module for connectivity; it’s a 32 x 10/100 + 2 x GBIC linecard designed for Catalyst 4000, 4003, and 4006 chassis’s.

Cisco WS-X4232-GB-RJ Module (32 x 10/100 + 2 x GBIC)

Cisco WS-X4232-GB-RJ Module (32 x 10/100 + 2 x GBIC)


The gigabit Ethernet ports support any combination of shortwave (1000Base-SX), longwave (1000Base-LX)/long-haul (1000Base-LH), and extended range (1000Base-ZX) Gigabit Interface Converters (GBICs).

Cisco 1000Base-SX GBIC

Cisco 1000Base-SX GBIC


Since after wiping the config, the ports don’t come up by default on the Catalyst 4003 chassis, I enter the “set port enable 2/1″ command in ‘enable’ mode.


Before any cables are physically connected, I see the below outputs on the two respective switches.

Cisco Catalyst 3548-XL - "show mac-address-table" output

Cisco Catalyst 3548-XL - "show mac-address-table" output

Cisco Catalyst 4003 - "show cam dynamic" output

Cisco Catalyst 4003 - "show cam dynamic" output


After the cables are physically connected, I see the below outputs on the two respective switches.

Cisco Catalyst 3548-XL - "show mac-address-table" output

Cisco Catalyst 3548-XL - "show mac-address-table" output

Cisco Catalyst 4003 - "show cam dynamic" output

Cisco Catalyst 4003 - "show cam dynamic" output


After host 1 (5.0.0.1/24) pings host 2 (5.0.0.2/24), I see the below outputs on the two respective switches.

Cisco Catalyst 3548-XL - "show mac-address-table" output

Cisco Catalyst 3548-XL - "show mac-address-table" output

Cisco Catalyst 4003 - "show cam dynamic" output

Cisco Catalyst 4003 - "show cam dynamic" output


It is important to note that the end devices I am using are IXIA ports that don’t auto-arp when connected. I have a rather old IXIA, but some new IXIA traffic generators with a more recent OS have an auto-arp option you can use.


For testing purposes, I disconnect the two IXIA hosts and the MAC address entries disappear instantly from both devices. Next, I connect both IXIA hosts and confirm that the MAC address entries still have not reappeared.


Next, I send an ARP message from IXIA host 1 and observe the MAC address entries on both switches.

Cisco Catalyst 3548-XL - "show mac-address-table" output

Cisco Catalyst 3548-XL - "show mac-address-table" output

Cisco Catalyst 4003 - "show cam dynamic" output

Cisco Catalyst 4003 - "show cam dynamic" output


I notice that after a short time, the MAC address entry of IXIA host 1 disappears from both switches, so I confirm what the MAC address timeout is for the respective tables.

Cisco Catalyst 3548-XL - "show mac-address-table aging-time" output

Cisco Catalyst 3548-XL - "show mac-address-table aging-time" output

Cisco Catalyst 4003 - "show cam agingtime" output

Cisco Catalyst 4003 - "show cam agingtime" output


Next, I send an ARP message from IXIA host 1 and IXIA host 2 and observe the MAC address entries on both switches.

Cisco Catalyst 3548-XL - "show mac-address-table" output

Cisco Catalyst 3548-XL - "show mac-address-table" output

Cisco Catalyst 4003 - "show cam dynamic" output

Cisco Catalyst 4003 - "show cam dynamic" output


Interesting; so now we have an entry that is new – “00-04-27-e1-82-40″. I suspect this to be the MAC address of VLAN 1 on the Cisco Catalyst 3548-XL. We can quickly confirm this as shown below.

Cisco Catalyst 3548-XL - "show interfaces vlan 1" output

Cisco Catalyst 3548-XL - "show interfaces vlan 1" output


Instead of using IXIA, I connect a Windows XP PC (5.0.0.3/24) to interface FastEthernet 0/3 on the Cisco Catalyst 3548-XL. As you can see below, the MAC address entry immediately shows up on both switches.

Cisco Catalyst 3548-XL - "show mac-address-table" output

Cisco Catalyst 3548-XL - "show mac-address-table" output

Cisco Catalyst 4003 - "show cam dynamic" output

Cisco Catalyst 4003 - "show cam dynamic" output


So exactly what is going on here? Why did the MAC address of the host device update on the switches on its own this time? The reason is because of “gratuitous ARP”. Here, ARP is used as a simple announcement protocol. Gratuitous ARP is an announcement or message for updating other hosts’ mapping of a hardware address when the sender’s IP address or MAC address has changed.


The gratuitous ARP message is usually broadcast as an ARP request containing the sender’s protocol address (SPA) in the target field (TPA=SPA) and the target hardware address (THA) set to zero. An alternative is to broadcast an ARP reply with the sender’s hardware and protocol addresses (SHA and SPA) duplicated in the target fields (TPA=SPA, THA=SHA).


The intention of an ARP announcement is not to solicit a reply; the intent is to update any cached entries in the ARP tables of other hosts that receive the packet. However, the operation code may indicate a request or a reply because the ARP standard specifies that the opcode is only processed after the ARP table has been updated from the address fields.


As was the case in this lab with the Windows XP host, many operating systems perform gratuitous ARP when connecting to a network. This helps to resolve problems which could otherwise occur; for example, if a network card is changed (changing the IP to MAC address mapping) and other hosts still have the old mapping in their ARP caches, communication will fail until the old ARP entry in their respective cache times-out.


Interestingly, gratuitous ARP is also used by some interface drivers to provide load balancing for incoming traffic. In a team of network cards, it is used to announce a different MAC address within the team that should receive incoming packets. This is actually the case for a storage device I’m very familiar with – Dell EqualLogic storage (see Using Dell EqualLogic iSCSI Arrays for Remote Storage).


I did a Wireshark packet capture of the Windows XP PC to show the gratuitous ARP packets that are sent out upon connection to the Cisco Catalyst 3548-XL.

Wireshark capture showing "gratuitous ARP" message

Wireshark capture showing "gratuitous ARP" message


You can see the gratuitous ARP packet details below.

Gratuitous ARP Packet Details (Wireshark)

Gratuitous ARP Packet Details (Wireshark)


If interested, you can download the Wireshark gratuitous ARP packet capture file (.pcap) from the download section or direct link here.

Twitt

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

One Response to “Gratuitous ARP and Basics of Connecting a Cisco IOS Switch with a Cisco CatOS Switch”

  1. Ian says:

    Nice article.

Leave a Reply

*


2 × three =