Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1294
Views
15
Helpful
7
Replies

no ip redirects/no ip proxy-arp in GLBP

alsayed
Level 1
Level 1

‎12-06-2007 10:35 AM - edited ‎03-05-2019 07:51 PM

hello!

when you configure GLBP ON THE interface vlan.do we need to configure no ip proxy-arp?it works without this command as well as this command also:no ip redirects

Labels:
0 Helpful
7 Replies 7

Jon Marshall
Hall of Fame
Hall of Fame

‎12-06-2007 11:53 AM

Hi Ali

They are not really related as such. You can run GLBP with them on or off. I usually turn off any unneeded services under the interface.

Jon

Edison Ortiz
Hall of Fame
Hall of Fame

‎12-06-2007 12:00 PM

proxy-arp provides services for devices on that segment that do not have a default gateway. If you want to ensure the devices on that segment use the GLBP VIP address, then disabling proxy-arp will be recommended.

As for ip redirect, it has no correlation to GLBP but is a recommended security practice to disable it. If you disable ip redirect, the devices on that segment will always contact their default gateway (GLBP VIP) if more than one gateway exists on that segment.

alsayed
Level 1
Level 1
In response to Edison Ortiz

‎12-06-2007 12:27 PM

hello experts!

i have seen the following config under:

HSPR

INT VLAN X

NO IP REDIRECTS

GLBP

INT VLAN X

NO IP PROXY ARP

SO WHAT THAT MEAN?

MANY 10XS

0 Helpful

alsayed
Level 1
Level 1
In response to alsayed

‎12-06-2007 12:39 PM

HELLO

if i forget to configure it under the vlan interface(no proxy arp).then what's hapen?

10xs

0 Helpful

Edison Ortiz
Hall of Fame
Hall of Fame
In response to alsayed

‎12-06-2007 12:51 PM

If you forget to configure no ip proxy-arp under an interface, devices on that subnet with missing default gateway will be serviced by this interface.

For instance,

If you have a workstation with IP 192.168.1.150 (missing its default gateway) and a switch with 192.168.1.1 with proxy-arp enabled, the switch will respond to arp queries from the workstation and route to other segments on the workstation's behalf.

This behavior will cause a lot of overhead in the switch and network as you rely on ARP for routing to other segments.

By disabling proxy-arp, the switch does not route the packet and the workstation gets a request time-out if the destination resides in another subnet.

0 Helpful

royalblues
Level 10
Level 10
In response to alsayed

‎12-06-2007 12:44 PM

As said above these commands are generally configured as a security practice.

have a look at the attached document

HTH

Narayan

Preview file
65 KB

alsayed
Level 1
Level 1
In response to royalblues

‎12-06-2007 12:48 PM

10xs narayan

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card