New Member

ARP table problem

Hi. We have some switches linked together to form a DMZ with a variety of hosts and two PIX firewalls connected. If we try to ping a host from the switch it is attached to, the ping fails. When the ARP cache is viewed, the entry for the server IP address references the MAC address of a PIX interface on another switch and not the server itself. The MAC address table contains the correct MAC address port entry. Any idea why the PIX appears to be responding to the ARP request? Our Security Team cannot explain it. Thanks.

4 REPLIES
Bronze

Re: ARP table problem

1. Verify that the switch's IP address and subnet mask are consistent with the address/mask combination on the server(s).

2. Verify that the ports that the servers are connected to are in the same VLAN as the VLAN in the switch that has the IP address assigned to it.

HTH.

Mark

Bronze

Re: ARP table problem

These sound like symptoms of 'ip local proxy-arp', but I don't know if PIXes even support this feature.

New Member

Re: ARP table problem

Try this:

no sysopt noproxyarp

on your PIX.

Silver

Re: ARP table problem

If the PIX does proxy-ARP, this is due to a static statement on the PIX. Probably you have a static statement which is overlapping with the IP subnet numbering on your lower and higher level interfaces. The command no sysopt proxyarp (if-name) will in fact disable the Proxy-ARP, although this should not be the proper action. Proper configuration of your PIX will prevent the PIX from doing proxy-ARP for addresses for which it should not.

If you send me your PIX config and what you want to achieve, I believe I can help you out (clear passwords and stuff from the config first :-))

Regards,

Leo
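
Added example, not part of any reply in this thread: a check for the symptom in the original post, where the switch's ARP cache maps several host IPs to one MAC address. It parses `show arp` output in the Cisco IOS layout; the sample output, addresses, MACs and the `firewall_ips` parameter are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of Cisco IOS `show arp` output (addresses and MACs are made up).
SAMPLE_SHOW_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.0.2.2               -   0011.aaaa.0002  ARPA   Vlan10
Internet  192.0.2.1               4   0011.bbbb.0001  ARPA   Vlan10
Internet  192.0.2.20              1   0011.bbbb.0001  ARPA   Vlan10
Internet  192.0.2.21              0   0011.bbbb.0001  ARPA   Vlan10
Internet  192.0.2.30              7   0011.cccc.0030  ARPA   Vlan10
"""

ARP_LINE = re.compile(
    r"^Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<age>-|\d+)\s+"
    r"(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s+ARPA\s*(?P<intf>\S*)"
)

def parse_show_arp(text):
    """Return (ip, mac, interface) for learned entries; age '-' is the switch itself."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m and m.group("age") != "-":
            entries.append((m.group("ip"), m.group("mac").lower(), m.group("intf")))
    return entries

def suspected_proxy_arp(entries, firewall_ips):
    """Map each MAC that answers for more than one IP to the IPs it answers for.

    firewall_ips (assumed known to the operator) are the firewall's own
    interface addresses; they are left out so only proxied hosts are listed.
    """
    by_mac = defaultdict(list)
    for ip, mac, _intf in entries:
        by_mac[mac].append(ip)
    return {
        mac: sorted(ip for ip in ips if ip not in firewall_ips)
        for mac, ips in by_mac.items()
        if len(ips) > 1
    }

if __name__ == "__main__":
    for mac, ips in suspected_proxy_arp(parse_show_arp(SAMPLE_SHOW_ARP), {"192.0.2.1"}).items():
        print(f"{mac} answers for {', '.join(ips)}; compare with the MAC address table")
```

A MAC shared by several IPs can also be legitimate (a router or a host with secondary addresses), so each finding needs confirming against the MAC address table, as the original poster did.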
