Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Proxy ARP problem.

I have sent an image of the simple network under discussion.

Even if it is only an example, I do not understand why pinging f0/1 from computer_1 Proxy ARP does not work.

Thanks.

6 REPLIES
Cisco Employee

Re: Proxy ARP problem.

Hello,

For the Proxy ARP to work, the interface IP of Fa 0/0 should be on the same major network but with a different mask. When the Computer 1 ARP's for Fa 0/1's MAC, Fa 0/0 sees the ARP request. But it will discard the ARP request as it is on a completely different major network. For the proxy-ARP to work, the routers interface and PC should be on the same IP Subnet. When the router sees the source IP address, and parses it with it's own mask, the router should see the PC in its own subnet. If not, router will just drop the ARP request. If you change your IP Scheme as below then proxy ARP will work.

Computer1 (192.168.1.2/22) ---- Fa 0/0 (192.168.1.1/24)----(Router)---Fa 0/1 (192.168.2.1/24) --- Computer 2 (192.168.2.2/22)

Hope this helps.

Regards,

NT

New Member

Re: Proxy ARP problem.

Thanks for the good answer.

It is incredible how a simple problem like this do not find an easy solution reading books, RFCs and other resources.

As I had found in some books, also CCIE books, that Proxy ARP worked in this manner: when an ARP request arrives to an

interface, the router responds if it knows a route for the target address, except if the route is out the interface where the request came in.

Now I know that it is not so simple. Where did you find these details? Are these details part of a standard, RFC or something like this?

Or these details are how Cisco routers work? Without considering your solution, are you sure that the only control the router adds is the control about source IP address of the ARP request and IP address of the interface that receives the request: they must be in the same network, major or not major.

Or it is better an inverse engeneering work more detailed.

New Member

Re: Proxy ARP problem.

May be the solution was very simple.

May be I had forgotten that a router, before doing any other operation, checks if the source IP address of the packet

belongs to the same subnet of the receiving interface, and that if it is not true the router discards the packet.

Is it always true? May be I remember that I have read something like this elsewhere.

Thanks.

New Member

Re: Proxy ARP problem.

With the command "debug arp" I have seen that the ARP requests with a source IP address not belonging

to the network of the router's receiving interface are discarded.

This is the final proof.

Ok and thanks.

Cisco Employee

Re: Proxy ARP problem.

Hello,

Yes. That is correct. That is default router behavior. That way, router will

not have to process data belonging to different IP subnets on the same

interface.

Regards,

NT

Hall of Fame Super Silver

Re: Proxy ARP problem.

Hello,

>> May be I had forgotten that a router, before doing any other operation, checks if the source IP address of the packet

belongs to the same subnet of the receiving interface, and that if it is not true the router discards the packet.

Is it always true? May be I remember that I have read something like this elsewhere.

Edit:

yes for ARP activity sorry for my misunderstanding, this explains the results of your dynamips lab the ARP request is discarded so Proxy ARP cannot be invoked.

About IP packet processing:

No, generally speaking a router does not check the source address of the packet unless configured for doing so:

- or by using a so called anti spoofing ACL, where you specify for client vlans that you do not accept source addresses not belonging to the IP subnet associated to the VLAN (leaf with no other routers connected to this interface/network segment)

- or by enabling unicast RPF, this second mechanism checks if according to the local IP routing table the packet has been received on the same interface the local node would use to reach the packet's source address (uRPF in strict mode)

About Proxy ARP:

original RFC definition of Proxy ARP considers the same major network, Cisco implementation is looser and it looks at the IP routing table and the router answers to the ARP request with its own MAC address on the interface if a match is found in the IP routing table.

Proxy ARP is defined on RFC 1027

http://www.rfc-editor.org/rfc/rfc1027.txt

Hope to help

Giuseppe

2778
Views
0
Helpful
6
Replies
CreatePlease login to create content