04-29-2010 08:49 AM - edited 03-04-2019 08:19 AM
I have a site that is connected to my WAN. They have a 3750 switch facing our WAN router. When it was installed, an assumption was made that the site's subnet would be 10.30.32.0/22 and so the IP address on the WAN router interface is set to 10.30.32.1/22. They have set up the L3 switch with VLAN interfaces that are 10.30.32.254/24, 10.30.33.254/24, 10.30.34.254/24 and 10.30.35.254/24. The WAN router only knows that 10.30.32.0/22 is on the interface, not that there is a next hop involved. I can, however, ping devices in the 10.30.34.0/24 VLAN.
I would expect that the WAN router would assume that the host address is connected to the segment attached to its interface on 10.30.32.0/22. It should send out an ARP request looking for the MAC address of the host on 10.30.34.0/24 as if it were a host on 10.32.32.0/22. Since the host in 10.30.34.0/24 is on a different VLAN, there should be no response. Obviously it is getting a response, because I can ping a device in that subnet. Can anyone explain why this works?
04-29-2010 08:54 AM
fdouble08 wrote:
I have a site that is connected to my WAN. They have a 3750 switch facing our WAN router. When it was installed, an assumption was made that the site's subnet would be 10.30.32.0/22 and so the IP address on the WAN router interface is set to 10.30.32.1/22. They have set up the L3 switch with VLAN interfaces that are 10.30.32.254/24, 10.30.33.254/24, 10.30.34.254/24 and 10.30.35.254/24. The WAN router only knows that 10.30.32.0/22 is on the interface, not that there is a next hop involved. I can, however, ping devices in the 10.30.34.0/24 VLAN.
I would expect that the WAN router would assume that the host address is connected to the segment attached to its interface on 10.30.32.0/22. It should send out an ARP request looking for the MAC address of the host on 10.30.34.0/24 as if it were a host on 10.32.32.0/22. Since the host in 10.30.34.0/24 is on a different VLAN, there should be no response. Obviously it is getting a response, because I can ping a device in that subnet. Can anyone explain why this works?
This is probably because of proxy-arp, i.e. the 3750 is answering requests for subnets it knows about that are directly connected.
Try adding this under the L3 VLAN interface on the 3750 that is the next-hop for the router:
int vlan
no ip proxy-arp
Jon
04-29-2010 09:07 AM
That explains it. I didn't know that proxy-arp is enabled by default.
Does this type of configuration raise issues? For example, the WAN router considers 10.30.32.255, 10.30.33.255, and 10.30.34.255 as valid host addresses, while the 3750 expects them to be the broadcast addresses of 10.30.32.0/24, 10.30.33.0/24, and 10.30.34.0/24 respectively. Are there scenarios where that will cause a problem?
04-29-2010 10:08 AM
fdouble08 wrote:
That explains it. I didn't know that proxy-arp is enabled by default.
Does this type of configuration raise issues? For example, the WAN router considers 10.30.32.255, 10.30.33.255, and 10.30.34.255 as valid host addresses, while the 3750 expects them to be the broadcast addresses of 10.30.32.0/24, 10.30.33.0/24, and 10.30.34.0/24 respectively. Are there scenarios where that will cause a problem?
I would disable it if you don't need it as it can create confusion as you have found out. It's not a good design to rely on proxy-arp and you don't need to.
The main use for it is if you have static NAT statements then you need it enabled so the router/L3 switch can answer on behalf of the NAT. However as the 3750 doesn't support NAT then you don't need it for this.
Jon
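The mask mismatch discussed in this thread, worked through with Python's `ipaddress` module. This is an added example, not part of any post; the function names are illustrative, and it assumes the router-facing link is the 10.30.32.0/24 VLAN.

```python
import ipaddress

# Addressing taken from the thread.
ROUTER_IF = ipaddress.ip_interface("10.30.32.1/22")      # WAN router interface
SVIS = [ipaddress.ip_interface(a) for a in (
    "10.30.32.254/24", "10.30.33.254/24",
    "10.30.34.254/24", "10.30.35.254/24")]               # 3750 VLAN interfaces
# Assumption (not stated in the thread): the router sits in the 10.30.32.0/24 VLAN.
LINK_NET = ipaddress.ip_network("10.30.32.0/24")


def classify(dest):
    """Classify dest by how the WAN router's /22 view compares with the 3750's /24 view."""
    ip = ipaddress.ip_address(dest)
    wan = ROUTER_IF.network
    if ip not in wan:
        return "routed"          # outside the /22: needs a route, router does not ARP for it
    if ip in (wan.network_address, wan.broadcast_address):
        return "not-a-host"      # both devices agree this is not a host address
    # The four /24 SVIs cover the whole /22, so a match always exists here.
    svi_net = next(s.network for s in SVIS if ip in s.network)
    if ip in (svi_net.network_address, svi_net.broadcast_address):
        return "mask-conflict"   # host address to the router, network/broadcast to the 3750
    if ip in LINK_NET:
        return "direct-arp"      # same VLAN as the router: the owner answers ARP itself
    return "proxy-arp"           # other VLAN: reachable only if the 3750 answers the ARP


def mask_conflicts():
    """Addresses the router treats as hosts but the 3750 treats as network/broadcast."""
    return [str(ip) for ip in ROUTER_IF.network.hosts()
            if classify(str(ip)) == "mask-conflict"]


if __name__ == "__main__":
    for d in ("10.30.32.50", "10.30.34.10", "10.30.33.255", "10.40.0.1"):
        print(f"{d:15} {classify(d)}")
    print("conflicts:", ", ".join(mask_conflicts()))
```

Every address classified as `proxy-arp` stops answering the router's ARP requests once `no ip proxy-arp` is applied, unless the router is given a route to those subnets via 10.30.32.254.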