cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3231
Views
5
Helpful
13
Replies

MAC address problem

vishalporval
Level 1
Level 1

I am having one cisco 3662 router. while i give sh ip arp command in the router it shows same MAC address for different IPs. Is there any problem with the network?please help me out......

13 Replies 13

satish_zanjurne
Level 4
Level 4

Hi,

that is called as "PROXY ARP".

Multiple IP addresses are mapped to a single MAC address, the single MAC address would be the MAC address ethernet/fastethernet/gigabitethernet of router on which your subnet is connected.

Since the ARP request is a broadcast , router does not past it, instead router replies on behlaf of the destination host sending it's own MAC address as destination MAC address.

So hosts ARP table will be populated with router's MAC address for every destination , your host tries to reach..

HTH...rate if helpful..

Vishal

Satish is correct that one thing that can cause this symptom is proxy arp. I have also seen the same symptom when the router was connected on a subnet in which a firewall was connected and there were addresses that were reached through the firewall (or for which the firewall was doing address translation).

To answer your main question, I do not believe that this symptom necessarily indicates that there is any problem in your network. It can be the result of normal operation. Are there symptoms that indicate a problem other than multiple IP addresses associated with a single MAC address?

HTH

Rick

HTH

Rick

Hi ,

Thanks for your reply. I have configured no proxy-arp in my router. The problem is that after certain period of time the MAC address gets changed and takes MAC address of any of the PC available in that LAN.

Rick,

I have this issue, many routers connected to the firewall on the same subnet, via a c6500 with sup 32.

Show arp command from the pix, returned an output that all the IP address of the routers connected on the same subnet, were having a single MAC. That mac was corresponding to a router in the network. The entire network came to a standstill. After shutting the port connected on the switch for that particular router, we were able to see the traffic flowing as expected.

Is there a better way to troubleshoot this? Any tool or document, will be appreciated.

Karthik

Karthik

I would think that a packet capture focused on ARP traffic might be the way to investigate this issue.

HTH

Rick

HTH

Rick

Rick,

What would be the disadvantages in a network perspective, we might see by disabling 'proxy arp' ?

Will it affect the CPU processing speed, because of constant route / switching table updates...

Karthik

Karthik

The main disadvantage that you might see is that some end stations which are not correctly configured and ARP for addresses that are not in the local subnet (could be an incorrect IP address, or incorrect subnet mask, and especially incorrect default gateway) would stop working. Proxy ARP allows the router to respond to their ARP requests and masks the fact that their configuration is not correct. When you disable Proxy ARP their incorrect configuration will stop working.

Another issue that you might experience is that if there is some router connected to this router, and if the other router is configured with a static route that just points at the outbound interface (for example ip route 0.0.0.0 0.0.0.0 FastEthernet0/0) then this works if you have enabled Proxy ARP. And it will stop working when you disable Proxy ARP.

I do not understand your question about CPU processing speed. Can you clarify this?

HTH

Rick

HTH

Rick

Rick,

Thanks for the clarification.

What i meant by the CPU processing is that, if the switch is not doing a proxy function, it has to do broadcast each and every packet and update its switching table frequently. Thought this might add to the CPU utilization. But i think disabling proxy arp will make the CPU to be over utilized.

Thanks again, your explanation did really help

Karthik

Rick,

In my situation, i have 20 routers connected to cisco 6500 on a particular VLAN. There is no L3 VLAN interface created in the switch. So the VLAN is just added in the VLAN database. A Cisco PIX firewall which is running 6.3.5 is connected to the same switch, on the same VLAN as of the routers. So when the customer reported the issue, i have issued Show arp in the firewall and saw that multiple ip address having the same MAC. On further inverstigation it was found that the MAC belonged to on of the router. On shutting the interface connecting the router, everything returned to normal. Also i need to mention that the default gateway for the switch is pointed to the firewall interface.

Even though i can relate this to proxy arp, but i dont have any L3 interface and proxy arp is already disabled in the firewall.

regards,

Karthik

Karthik

One thing that could produce the symptoms that you describe is for one (or more) of the devices in that subnet to be configured with a different (not correct) subnet mask. Can you check each of the devices and confirm its subnet mask?

HTH

Rick

HTH

Rick

Hi satish,

Thanks for your reply. I have configured no proxy-arp in my router. The problem is that after certain period of time the MAC address gets changed and takes MAC address of any of the PC available in that LAN.

Is your network setup is working properly ??

my network setup is OK but the problem is still persisting.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco