Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
325
Views
4
Helpful
2
Replies

Traffic flow stops after 30 mins when proxy arp is disabled

renju.zac
Level 1
Level 1

‎01-17-2006 09:53 PM - edited ‎03-03-2019 11:29 AM

We configuring a cisco 2811 router for internet access. One ethernet interface of this router connects to the lan and the other to the ISP. As part of hardening we disabled proxy arp on both ethernet interfaces.

We noticed that the traffic flow through the router stops after 30 minutes.

When the traffic is not flowing , users on the lan can ping the LAN ethernet interface , but not the Internet Ethernet Interface.

A simple ping to the Internet from the router works fine. However , an extended ping sourced from the LAN interface fails.

The same router configuration with proxy-arp enabled on both ethernet interfaces , the traffic flows smoothly even after 30 minutes.

Can disabling proxy arp cause such a behaviour ?

Labels:
0 Helpful
2 Replies 2

pkhatri
Level 11
Level 11

‎01-17-2006 09:59 PM

Hi,

One possible reason for this could be that your ISP has configured a subnet mask on its interface facing you to be different to what you have configured on your interface to the ISP. For example, say the ISP gave you the 10.1.1.0/24 network and you split it into 10.1.1.0/25 and 10.1.1.128/25. Also assume that the ISP used the 255.255.255.0 mask on its own interface to you. If you then assigned the first network to your WAN link and the second to your internet link, the following will happen: when the ISP wishes to get to an address in the second subnet, it will think it's on the same network as its interface to your router. It will then send out an ARP for it. WHen proxy-ARP is enabled, your router will respond with its own MAC address. If proxy-ARP is not enabled, this will fail.

Does this match your scenario ?

Hope that helps - pls rate the post if it does.

Regards,

Paresh.

renju.zac
Level 1
Level 1
In response to pkhatri

‎01-17-2006 11:27 PM

Thank you for te suggestions. The scenario appears to be similar. Need to check if this is indeed causing the problem.

Regards,

Renju

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card