04-30-2005 02:54 PM - edited 03-03-2019 09:26 AM
Hi all,
Can anybody tell me the difference between the commands ip proxy-arp and ip local-proxy-arp? I have a complete understanding of Proxy ARP, but the thing I can't understand is why both these commands are there.
04-30-2005 05:01 PM
With local-proxy-arp the router would respond to arp requests for addresses on the same subnet.
For example, say host A (192.168.1.5) is directly connected to router 192.168.1.1. If host A queries for host C (10.10.10.10), the router would respond with its MAC address (provided that the router can reach 10.10.10.10). This is proxy-arp.
If host A queries for host B (192.168.1.7, which is on the same subnet), the router would respond with its own MAC address if "ip local-proxy-arp" is configured/enabled. In other words, if "ip local-proxy-arp" is enabled, the router would assume responsibility for forwarding traffic between host A 192.168.1.5 and host B 192.168.1.7. All the ARP cache entries on hosts A and B will reference the router's MAC address. In this case the router is performing local-proxy-arp for subnet 192.168.1.0/24.
On a LAN, the normal/default behaviour is that "ip local-proxy-arp" is disabled, and hosts A and B have each other's MAC address and communicate directly without router involvement.
I have yet to see any practical use for this feature.
HTH,
Mustafa
04-10-2006 11:46 AM
A requirement for private vlan edge (protected port) configurations
07-20-2012 01:57 AM
Thanks mhussein. Good post.
08-09-2015 06:10 AM
Does anybody have experience using this feature when hosts within the broadcast domain with a local-proxy-arp enabled router are not isolated from each other?
I wonder how this feature affects communication between non-isolated hosts? I would expect two ARP replies: one from the "owner" of the IP in question and a second from the local-proxy-arp enabled router. If so, which MAC address will the requesting host install in its ARP table?
08-09-2015 06:51 AM
Hello Andrei,
I haven't tried it myself, as for practical deployments this would be considered a misconfiguration, but following the basic ARP principle of operation, trivial ARP implementations on hosts will process the ARP replies in the order they arrive, updating the ARP cache entry as each ARP reply is processed. From this it would follow that the ARP cache would always hold the entry based on the last ARP reply received. Obviously, which one is going to be the last received is a matter of chance, so the results would be generally random.
The ARP implementation can differ between hosts. I can imagine some implementations using some kind of throttling, or processing only the first response in an attempt to tighten down the security on ARP. In any case, even if just a single ARP response is processed, it is still a matter of chance whose response that is.
Best regards,
Peter
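The two behaviours described in this thread (which ARP requests the router answers, and which MAC a non-isolated host ends up caching when both the real owner and the router reply) can be modelled in a few lines. This is an added example, not code from any poster or from Cisco: the decision logic is a simplified model of what the posts describe, and the MAC addresses, the 10.10.10.0/24 route and the policy names are constructed for illustration.

```python
import ipaddress

ROUTER_MAC = "00:00:5e:00:53:01"  # constructed sample MAC
HOST_B_MAC = "00:00:5e:00:53:07"  # constructed sample MAC

class RouterInterface:
    """Simplified model of the router's ARP decision as described in the thread."""

    def __init__(self, address, proxy_arp, local_proxy_arp, routes):
        self.iface = ipaddress.ip_interface(address)
        self.proxy_arp = proxy_arp
        self.local_proxy_arp = local_proxy_arp
        self.routes = [ipaddress.ip_network(r) for r in routes]

    def arp_reply(self, target_ip):
        """Return the router's MAC if it answers a request for target_ip, else None."""
        target = ipaddress.ip_address(target_ip)
        if target == self.iface.ip:
            return ROUTER_MAC  # request for the router's own address
        if target in self.iface.network:
            # Target is on the requester's own subnet: only local-proxy-arp answers.
            return ROUTER_MAC if self.local_proxy_arp else None
        # Target is on another subnet: proxy-arp answers if the router can reach it.
        reachable = any(target in net for net in self.routes)
        return ROUTER_MAC if (self.proxy_arp and reachable) else None

def cached_mac(replies_in_arrival_order, policy):
    """MAC a host ends up caching: policy is 'last-wins' or 'first-wins'."""
    replies = [r for r in replies_in_arrival_order if r is not None]
    if not replies:
        return None
    return replies[-1] if policy == "last-wins" else replies[0]

def demo():
    default = RouterInterface("192.168.1.1/24", True, False, ["10.10.10.0/24"])
    local = RouterInterface("192.168.1.1/24", True, True, ["10.10.10.0/24"])
    results = {
        "proxy-arp, host C": default.arp_reply("10.10.10.10"),
        "default, host B": default.arp_reply("192.168.1.7"),
        "local-proxy-arp, host B": local.arp_reply("192.168.1.7"),
    }
    # Non-isolated hosts: host B and the router both answer host A's request.
    router = local.arp_reply("192.168.1.7")
    for order in ([HOST_B_MAC, router], [router, HOST_B_MAC]):
        for policy in ("last-wins", "first-wins"):
            results[(tuple(order), policy)] = cached_mac(order, policy)
    return results

if __name__ == "__main__":
    for case, mac in demo().items():
        print(case, "->", mac)
```

Under either cache policy the winning entry depends only on arrival order, so a pair of hosts that should talk directly can silently end up hairpinning through the router, or the reverse.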
11-17-2021 09:56 AM
Filtering/Security as it forces the traffic to go to the router instead of host to host.
Mark
11-18-2021 03:23 AM
Hi Mustafa,
Really old thread, and my response:
I am working for a service provider that implemented an L2 network using a Cisco core and OLT/GPON technology on the edge for their FTTH, and for less management overhead they decided to implement the OLT as an L2 gateway, while the L3 function was moved to a Cisco Cat9500 acting as an L3 gateway. It is not an ideal setup, and it has some weaknesses as well. But the OLT setup created a non-broadcast network topology on the Catalyst Ethernet ports, where all communication runs in a very simple hub-and-spoke manner. So each end node can communicate only with the hub, in this case the L3 Catalyst 9500, but the end nodes do not see each other. When the end nodes need to access a different subnet, they need to point to their DG anyway, and all seems to be working fine. But if they want to communicate with each other directly, it is not possible, and this feature could help in such unusual cases.
Have a nice day.
Martin