MAC address problem

Unanswered Question
Sep 16th, 2008
User Badges:

I am having one cisco 3662 router. while i give sh ip arp command in the router it shows same MAC address for different IPs. Is there any problem with the network?please help me out......

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
satish_zanjurne Tue, 09/16/2008 - 02:43
User Badges:
  • Silver, 250 points or more


Hi,


that is called as "PROXY ARP".

Multiple IP addresses are mapped to a single MAC address, the single MAC address would be the MAC address ethernet/fastethernet/gigabitethernet of router on which your subnet is connected.


Since the ARP request is a broadcast , router does not past it, instead router replies on behlaf of the destination host sending it's own MAC address as destination MAC address.


So hosts ARP table will be populated with router's MAC address for every destination , your host tries to reach..


HTH...rate if helpful..

Richard Burts Tue, 09/16/2008 - 04:45
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Vishal


Satish is correct that one thing that can cause this symptom is proxy arp. I have also seen the same symptom when the router was connected on a subnet in which a firewall was connected and there were addresses that were reached through the firewall (or for which the firewall was doing address translation).


To answer your main question, I do not believe that this symptom necessarily indicates that there is any problem in your network. It can be the result of normal operation. Are there symptoms that indicate a problem other than multiple IP addresses associated with a single MAC address?


HTH


Rick

vishalporval Tue, 09/16/2008 - 22:52
User Badges:

Hi ,

Thanks for your reply. I have configured no proxy-arp in my router. The problem is that after certain period of time the MAC address gets changed and takes MAC address of any of the PC available in that LAN.



yeskriya007 Mon, 11/24/2008 - 12:42
User Badges:

Rick,


I have this issue, many routers connected to the firewall on the same subnet, via a c6500 with sup 32.


Show arp command from the pix, returned an output that all the IP address of the routers connected on the same subnet, were having a single MAC. That mac was corresponding to a router in the network. The entire network came to a standstill. After shutting the port connected on the switch for that particular router, we were able to see the traffic flowing as expected.


Is there a better way to troubleshoot this? Any tool or document, will be appreciated.



Karthik

Richard Burts Mon, 11/24/2008 - 13:26
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Karthik


I would think that a packet capture focused on ARP traffic might be the way to investigate this issue.


HTH


Rick

yeskriya007 Mon, 11/24/2008 - 13:31
User Badges:

Rick,


What would be the disadvantages in a network perspective, we might see by disabling 'proxy arp' ?


Will it affect the CPU processing speed, because of constant route / switching table updates...


Karthik

Richard Burts Mon, 11/24/2008 - 14:05
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Karthik


The main disadvantage that you might see is that some end stations which are not correctly configured and ARP for addresses that are not in the local subnet (could be an incorrect IP address, or incorrect subnet mask, and especially incorrect default gateway) would stop working. Proxy ARP allows the router to respond to their ARP requests and masks the fact that their configuration is not correct. When you disable Proxy ARP their incorrect configuration will stop working.


Another issue that you might experience is that if there is some router connected to this router, and if the other router is configured with a static route that just points at the outbound interface (for example ip route 0.0.0.0 0.0.0.0 FastEthernet0/0) then this works if you have enabled Proxy ARP. And it will stop working when you disable Proxy ARP.


I do not understand your question about CPU processing speed. Can you clarify this?


HTH


Rick

yeskriya007 Mon, 11/24/2008 - 21:10
User Badges:

Rick,

Thanks for the clarification.


What i meant by the CPU processing is that, if the switch is not doing a proxy function, it has to do broadcast each and every packet and update its switching table frequently. Thought this might add to the CPU utilization. But i think disabling proxy arp will make the CPU to be over utilized.


Thanks again, your explanation did really help


Karthik

yeskriya007 Thu, 11/27/2008 - 23:33
User Badges:

Rick,


In my situation, i have 20 routers connected to cisco 6500 on a particular VLAN. There is no L3 VLAN interface created in the switch. So the VLAN is just added in the VLAN database. A Cisco PIX firewall which is running 6.3.5 is connected to the same switch, on the same VLAN as of the routers. So when the customer reported the issue, i have issued Show arp in the firewall and saw that multiple ip address having the same MAC. On further inverstigation it was found that the MAC belonged to on of the router. On shutting the interface connecting the router, everything returned to normal. Also i need to mention that the default gateway for the switch is pointed to the firewall interface.


Even though i can relate this to proxy arp, but i dont have any L3 interface and proxy arp is already disabled in the firewall.


regards,

Karthik

Richard Burts Fri, 11/28/2008 - 14:00
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Karthik


One thing that could produce the symptoms that you describe is for one (or more) of the devices in that subnet to be configured with a different (not correct) subnet mask. Can you check each of the devices and confirm its subnet mask?


HTH


Rick

vishalporval Tue, 09/16/2008 - 22:51
User Badges:

Hi satish,

Thanks for your reply. I have configured no proxy-arp in my router. The problem is that after certain period of time the MAC address gets changed and takes MAC address of any of the PC available in that LAN.

satish_zanjurne Wed, 09/17/2008 - 00:04
User Badges:
  • Silver, 250 points or more


Is your network setup is working properly ??

vishalporval Fri, 09/19/2008 - 01:12
User Badges:

my network setup is OK but the problem is still persisting.

Actions

This Discussion