I know that the Cisco's default ARP entry expiration is 240 minutes, however how does the ARP table mechanism work when a different MAC address is seen using the same IP?
In other words, if I move an IP to another device and the MAC associated with it therefore changes, isn't the ARP table on a Cisco switch going to overwrite that original ARP table entry immediately with the new MAC to IP association?
Take for example computer A is using 172.17.1.20 with MAC aaaa.bbbb.cccc. I then decommission computer A and give its IP 172.17.1.20 to computer B which has a MAC of 1111.2222.3333. When the switch sees traffic from computer b using 1111.2222.3333 won't it automatically update its ARP table entry to reflect this changed MAC associated with IP 172.17.1.20?
Best Answer
An ARP table entry in a host (routers are hosts, too) is created or updated when an ARP packet is seen. In your example where a host IPv4 address is changed, the router (or any other host on the network) will have no way to know that the address has changed until it sees an ARP packet from the changed host.
That can happen in a could happen in a couple of ways. The changed host could send a gratuitous ARP packet, or it could send an ARP request for another host. The router itself may have a packet for the new IPv4 address, and it would then send and ARP request for that address.
Remember that ARP table entries are indexed by the IPv4 address, not the MAC address, so there could be several entries with the same MAC address. That would certainly be the case for a host with multiple IPv4 addresses on the same interface (rare but not unheard of).
Switches update the MAC address table (not an ARP table) every time it sees a frame entering the switch. The switch MAC address table is indexed by MAC address, and any frame will update the MAC address table with the source MAC address. Switches do not care about the IPv4 address, so they do not have ARP tables relating the MAC address to the IPv4 address, so they do not care if an IPv4 address is changed on a device.