Symptom
A Catalyst 9300 switch may not punt a Gratuitous ARP packet to the CPU.
As a result, ARP entries are not updated when the MAC address for an IP changes, and traffic is black-holed.
The G-ARP packet can be observed with the embedded packet capture utility on the interface where it is received, but it is not observed in a FED punt debug, indicating that the packet is not sent to the CPU.
Conditions
A G-ARP packet arrives on an L2 interface with a MAC address that differs from the MAC address in the current ARP entry.
This can be observed when multiple devices share a virtual IP in an active/standby setup and rely on G-ARP to update the MAC in the ARP entry when failovers are performed.
This behavior has been observed on 17.6.4.
Workaround
Clear the ARP entry manually.
Lower the ARP timeout on the L3 interface to an acceptable value to force the entry to age out faster and trigger a new ARP request/reply.
The default aging timer is 4 hours, but it can be significantly lowered if required.
Further Problem Description