Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Ip unnumbered interface ARPs, simple topo - tough question

Hello, i've a question regarding ip unnumbered interface.

I have a simple topology:

[USERS]--[SWICTH]-[CISCO GATEWAY]

The gateway is configured with ip unnumberd loopback command:

#sh ip int br

Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  up                    up     
FastEthernet0/0.2          10.10.10.1      YES TFTP   up                    up     
Loopback0                  10.10.10.1      YES manual up                    up     
R1#

User configartion: user subinterface with his static route.

R1#show running-config interface fastEthernet 0/0.2

Current configuration : 109 bytes
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip unnumbered Loopback0
no snmp trap link-status
end

ip route 172.16.1.44 255.255.255.255 FastEthernet0/0.2

All is working fine.

User is configured with 172.16.1.44 sends arp request and GW replies.

BUT WE ALL KNOW THAT ARP REQUESTS AND ROUTING TABLE ARE NOT RELATIVE, ARP REPLY IS SENT BACK TO INTERFACE WHERE IT RECEIVED.

so the question goes: Why user can't change IP to other than STATIC  ip route on gateway states. ? I know that internet to user will not wotk  because there will be diferent static route pointing to his interface  than his 'fake' ip address. BUT WHY USER DOESN'T GET AN ARP REPLY FROM  GATEWAY when user is using invalid IP address ? The question is just  about ARP. Since we all know that routes and arp processing is different  things, why ARP reply is sent when static route to user is the same as  the user ip address.. HOW Cisco router knows that he should'nt sent arp  reply to user with invalid IP. The error on gw goes:

*Mar  1 04:42:58.678: IP ARP req filtered src 2.2.2.2 4444.4444.4444,  dst 8.8.8.8 c000.3ef0.0000 wrong cable, interface FastEthernet0/0.2
*Mar   1 04:42:58.678: IP ARP rep filtered src 2.2.2.2 4444.4444.4444, dst  2.2.2.2 ffff.ffff.ffff wrong cable, interface FastEthernet0/0.2

Here user sent arp request and gratuitous arp with source 2.2.2.2.  How Gateway understand that this request is invalid ? SINCE router  doesnt consults his routing table when sending arp reply.

THANKS !!

5 REPLIES
Hall of Fame Super Gold

Ip unnumbered interface ARPs, simple topo - tough question

You should never use ip unnubered on LAN interface, to avoice problems like you've observed

New Member

Ip unnumbered interface ARPs, simple topo - tough question

Thanks for reply, but this configuration works fine, i just want to know answer from my question above..

Hall of Fame Super Gold

Re: Ip unnumbered interface ARPs, simple topo - tough question

No problem, the choice is all your:

Do things correctly and have them working, or do them wrong, and encounter mysterious problems.

Then regarding the low rating that you have given, thank you for helping recognizing your attitude, that will help treating it properly in the future

New Member

Re: Ip unnumbered interface ARPs, simple topo - tough question

sometimes is strange, my question was HOW AND WHY IT'S WORKIN/NOT WOKIRNG, if you dont know the answer the topic questions you don't need to post.. why lot of people post answers that you didin't ask..

New Member

Ip unnumbered interface ARPs, simple topo - tough question

Hi,

The subnet mask of the interface is significant for ARP replies.

If the IP address of the requestor falls within the interface's subnet then a reply is appropriate, direct communication using MAC addresses on the local segment is OK. If the requestor's IP address is outside of the interface IP address subnet, then no reply is allowed, because it is assumed the requesting device is not on the local ethernet segment.

A proxy-arp reply may be more appropriate because the router could get the requestor to the destination, but the requested IP address, the GW, is actually directly connected to the router so this also would not be allowed.

BTW, friendly or polite responses get  better results.

Cheers,

Brian

531
Views
1
Helpful
5
Replies
CreatePlease login to create content