New Member

Is this a proxy arp issue?


I am a little unfamiliar with troubleshooting proxy arp type issues but I suspect I may be running into one and wanted to see if the community could help with some validation.

We have a switch in our network that is sitting behind an ASA 5510 firewall running 8.2. We monitor the switch via its loopback address and we continue to have intermittent problems with unreachability to this device. Upon the last incident, we found that the ASA's ARP table is being updated with a foreign MAC address for the switch that is connected. We can still ping another VLAN interface on the switch, just not the lo0, which was overwritten with the weird MAC address (0007.eb3d.5ec0, Cisco from what I can tell). Once we ping the VLAN interface on the switch, the loopback goes back to being reachable and the ARP table is updated with the correct address. It appears that the issue returns after power outages, but I'm not 100% certain on that front yet.

Any ideas on how to track down this mystical issue or help remedy it?  I thought one way would be to just add a static arp entry in the firewall for the correct addresses, but would like to address the source of the issue if at all possible.

New Member

Is this a proxy arp issue?

I don't believe it's a proxy ARP issue.

Proxy ARP is when you have an interface which holds, let's say, 254 /24 hosts but is assigned only one IP address from that range. If you had any static NAT and ACL which allows connections from the non-outside interface but same range, the device would send out its own MAC address to any of the source devices which are looking to connect to your IP address which is not assigned to the interface. It acts like a middle man.

Also, from this thread it states that SVIs use the same IP address. Is your loopback within the same VLAN? If so, try a different VLAN.
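
One way to track this down, as an added example that is not part of the original thread: diff successive `show arp` captures from the firewall to log when an IP's MAC changes and to list which IPs each MAC answers for. The captures are constructed (the addresses and the 0024.c4aa.1101 MAC are made up; 0007.eb3d.5ec0 is the foreign MAC from the question), and the "interface ip mac age" line layout is an assumption about the ASA output.

```python
import re
from collections import defaultdict

# One ARP line: "<interface> <ip> <mac> <age>" (assumed layout of `show arp`).
ARP_LINE = re.compile(
    r"^\s*(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-f]{4}(?:\.[0-9a-f]{4}){2})\b",
    re.IGNORECASE | re.MULTILINE,
)

# Constructed captures: (time taken, raw `show arp` text). 192.0.2.1 stands in
# for the switch VLAN interface, 192.0.2.10 for its loopback.
SNAPSHOTS = [
    ("09:00", "inside 192.0.2.1 0024.c4aa.1101 40\n"
              "inside 192.0.2.10 0024.c4aa.1101 12\n"),
    ("09:05", "inside 192.0.2.1 0024.c4aa.1101 340\n"
              "inside 192.0.2.10 0007.eb3d.5ec0 3\n"),
    ("09:10", "inside 192.0.2.1 0024.c4aa.1101 5\n"
              "inside 192.0.2.10 0024.c4aa.1101 2\n"),
]

def parse_show_arp(text):
    """Return {(interface, ip): mac} for every ARP line found in the text."""
    return {(m[1], m[2]): m[3].lower() for m in ARP_LINE.finditer(text)}

def mac_changes(snapshots):
    """List (time, interface, ip, old_mac, new_mac) each time an IP's MAC changes."""
    last, changes = {}, []
    for when, text in snapshots:
        for key, mac in parse_show_arp(text).items():
            if key in last and last[key] != mac:
                changes.append((when, key[0], key[1], last[key], mac))
            last[key] = mac
    return changes

def ips_per_mac(text):
    """Map each MAC to the sorted IPs it answers for in one capture."""
    owners = defaultdict(list)
    for (_iface, ip), mac in parse_show_arp(text).items():
        owners[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in owners.items()}

if __name__ == "__main__":
    for change in mac_changes(SNAPSHOTS):
        print("%s %s %s: %s -> %s" % change)
    for mac, ips in ips_per_mac(SNAPSHOTS[1][1]).items():
        print(mac, "answers for", ips)
```

A MAC that flips for a single IP points at a second device answering for that address, while one MAC answering for many IPs it does not own is what proxy ARP looks like in the table.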
