proper usage of arp cmd on old 1602R Cisco router

[Kydd]

We have a problem where our replacement firewall is showing the MAC address on a 'show arp' command as "Incomplete". I've tried changing the main switch the network goes into with no luck. Not sure why it'd be incomplete!

I can't seem to get the syntax correct on the arp command. Seeing if anyone here might. Here are some results from my session:

show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.1.22 0 0008.a109.4021 ARPA Ethernet0
Internet 192.168.1.254 0 Incomplete ARPA

-----------------------------

config
Configuring from terminal, memory, or network [terminal]? terminal
Enter configuration commands, one per line. End with CNTL/Z.

arp 192.168.1.1 0090.7F1A.0179 e0

% Invalid input detected at '^' marker.

-----------------------------

arp 192.168.1.1 0090.7F1A.0179 Ethernet0
^
% Invalid input detected at '^' marker.

-----------------------------

(config)#arp Ethernet0 192.168.1.1 0090.7F1A.0179

% Invalid input detected at '^' marker.

-----------------------------
arp e0 192.168.1.1 0090.7F1A.0179
^
% Invalid input detected at '^' marker.

-----------------------------
Now here I at least do not get an error:

arp 192.168.1.254 0090.7F1A.0177 arpa

Internet 192.168.1.254 - 0090.7f1a.0177 ARPA

-----------------------------
When I run 'show arp':

Internet 192.168.1.254 - 0090.7f1a.0177 ARPA

Notice the Interface field is blank!
-----------------------------
Here's what happens when I try to add the interface:

arp 192.168.1.254 0090.7F1A.0177 arpa Ethernet0
Bad ARP command - Interface may only be specified when bridging IP

---------------
Anyone see what I'm doing wrong? I am using these 2 Cisco reference pages, both which have slight variations on the 'arp' command syntax:

http://www.cisco.com/en/US/products...figuration_guide_chapter09186a00801ee712.html

http://www.cisco.com/en/US/products/ps5763/products_command_reference_chapter09186a008029ec65.html

 

[tmt7734]

What are yuo trying to acomplish by this? You should not need to add a static ARP entry to you router. What device has and IP address of 192.168.1.254?

 

[Kydd]

Yes I would agree that I should NOT have to manually add a static IP address. 192.168.1.254 is the address of a new replacement firewall from Watchguard called an Edge. We are trying to replace an older Watchguard SOHO firewall which is working but is older and missing some features that we'd like. To complicate matters further we can't get into the config of the old SOHO since noone passed on the username/password prior to my starting here so resetting to factory default is not an option. Bottom line is when I plug in the new Watchguard, I can restart the main hub and the Cisco, as well as run 'clear arp-cache' but the MAC address of the Watchguard never registers correctly and shows as 'Incomplete'. So that's what led me to the potential solution of adding an arp entry.

The reason for the Cisco was for routing of our enterprise reporting system (ERP) to a serial-attached modem which goes from our warehouse to our home office. Any traffic bound for the IP address of the modem leads to our ERP system and all other traffic goes to the Watchguard. So here's a config dump (x's an y's replacing the actual IP):

Cisco router config, Warehouse router ip 192.168.1.1
pwd ****
en pwd ****

Current configuration:
!
version12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Warehouse
!
enable secret 5 ******
!
ip subnet-zero
!
!
!
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
ip helper-address x.x.2.200
no ip directed-broadcast
!
interface Serial0
bandwidth 56000
ip address y.y.1.2 255.255.255.252
no ip directed-broadcast
service-module 56k clock source line
service-module 56k network-type dds
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.254
ip route x.x.2.0 255.255.255.0 y.y.1.1
!
!
line con 0
transport input none
line vty 0 4
password ****
login
!
end

 

[tmt7734]

OK,

The context of the arp command is:

arp ip-address hardware-address encapsulation-type

You cannot specify the interface, as that is just informational for which interface the ip - mac address peer was discovered on.

When you entered:
"Now here I at least do not get an error:
arp 192.168.1.254 0090.7F1A.0177 arpa
Internet 192.168.1.254 - 0090.7f1a.0177 ARPA"

You were correct.

I think there is something else wrong since arp in the router isn't able to pickup the ip-mac paring of the watchgaurd automatically. Have you checked a PC's arp table to see if it can pickup the Watchgaurd? Can you ping the firewall from the 1602?

 

[Kydd]

You can not ping the Watchguard from the 1602 (no reply). I'll have to plug the replacement router in again to check from a PC and run 'arp -a' from a cmd line.

As for your comment regarding the command syntax being correct, any idea why the Interface is not displaying in the 'show arp' command? It does w/ the old SOHO in place.

What are other reasons for the Cisco not being able to pickup the ip-mac paring?

 

[Kydd]

As an update, the other machines do not see the Watchguard when running arp -a.

A suggestion to mimic the SOHO's MAC address on the Edge by going to the configuration page of the Edge -> Firewall -> Firewall Options -> Enable MAC address override -> Enter the SOHO's MAC address and then Submit

This also did not work.

A suggestion from a Cisco admin was this which also did not work:

Your router is defaulted to use an ip proxy-arp. To disable this please issue the command no ip proxy-arp under global config of the router.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094adb.shtml