Router is not using default gatway for ICMP Ping - strange behavior

mariusz1984katowice · ‎09-26-2025

I am simulating a simple network technology with IOU L3 images and observe a strange behavior with image version 17.15.1

The network consists of 4 routers,

One of them is named a "SourcePC" (bottom of diagram) - a router from which I do an ICMP ping (ping command)

I am pinging a "loopback 0" (192.168.4.1) interface on another router (right top side of diagram) which is behind an intermediate router (in the middle of diagram)

The "SourcePC" router has the following configuration:

configure terminal

      interface ethernet 0/1

          ip address 192.168.2.2 255.255.255.0

          no ip proxy-arp

          no shutdown

          exit

     ip route 0.0.0.0 0.0.0.0 192.168.2.1

In fact in target configuration there will be "no ip proxy-arp" configuration on any interface involved in this scenario

What I observe with 17.15.1 is that the "SourcePC" is making an ARP request for 192.168.4.1

This is completely different to image 15.4 -the "ping 192.168.4.1" results in "SourcePC" asking arp request of 192.168.2.1 - which is completely correct

It looks like the "no ip proxy-arp" controls only whether the router responds to an ARP request for IP from different network - but doesn't control whether the router sends such ARP request.

My questions ... is there any setting that controls that ? - How can I prevent Cisco router for doing such bizzare / incorrect thing ?

balaji.bandi · ‎09-26-2025

What I observe with 17.15.1 is that the "SourcePC" is making an ARP request for 192.168.4.1

Looking at your Wireshark i believe that is correct, since its only asking in the broadcast network who has 4.1 (or am i missing something here ?)

Look the use case of no ip proxy-arp

https://www.cisco.com/c/en/us/support/docs/ip/dynamic-address-allocation-resolution/13718-5.html

more good explanation :

https://www.practicalnetworking.net/series/arp/proxy-arp/#:~:text=Proxy%20ARP%20occurs%20when%20one,will%20illustrate%20how%20it%20works:

personally i seen some of the odd behaviours in the virtual environment, may be not the same case if you work on real hardware.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MHM Cisco World · ‎09-26-2025

Ask ARP for different IP meaning there is NAT.

MHM

Dan Frey · ‎09-26-2025

I have seen this behavior when static routes are pointing to an interface on an ethernet segment and not a next-hop-ip address. When the interface is used in static routing the router believes all networks are directly connected and will ARP for every address. If this is a default route to the internet the ARP table can fill up quickly and the router becomes sluggish or non responsive. This can be viewed in "show arp". When a next-hop-ip address is used in a static route the arp resolution is only for the next hop address and not the remote network. Did your config get updated to use an interface name rather than the next hop ip?

julian.bendix · ‎09-27-2025

I think that is the issue!

Harold Ritter · ‎09-27-2025

Hi @mariusz1984katowice ,

Do you have "ip routing" disabled on SourcePC? Can you please provide a "show ip cef 192.168.4.1" from SourcePC?

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

mariusz1984katowice · ‎09-28-2025

Hi everyone !!

Thank you kindly for your response and the will to help - I really appreciate that. I didn't even expect so many answers

@bb - Balaji, I think my case is diffrent. I was looking at these pages sent by you and the describe a case when the host is "incorrectly" configured with "different" mask (shorter mask, including two or more subnets). In my case I use mask /24 everywhere.

@dan - I heard about this case, but looking at "ip route" it shows that the only static route is a default route and it poings to a next hop IP.

The second image shows that there is an arp entry which was filled by a response from intermediate route - but this is because I have re-enabled "proxy arp" on intermediate router. If I disable it - there will be no ARP response and no ARP entry on "SourcePC"

Is there a chance that the real (no IOU) image works differently ? ... as I have said - the image 15.4 has a different behavior - it uses the default gateway for ICMP ping.

@MHM - how to check if the NAT is enabled ?

@Harold - I have a strange feeling the issue is very like to "ip cef" settings ... please find the output below. I have also attached a running-config

Exactly the "ip cef" subject is quite unclear yet for me - I am trying to learn a little about Cisco CCNP routing subjects, but in fact my knowledge is very poor - I have not worked with Cisco routers since 2011.

Giuseppe Larosa · ‎09-29-2025

Hello @mariusz1984katowice ,

for sure you should enable CEF globally on your router using

ip cef

in global config mode

Hope to help

Giuseppe

balaji.bandi · ‎09-29-2025

as i remember some of the IOL need to turn off no ip cef to work.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

mariusz1984katowice · ‎09-28-2025

This is the running config.

MHM Cisco World · ‎09-28-2025

ip route 0.0.0.0 0.0.0.0 192.168.2.1 e0/1

you need to add egress interface to stop this ARP

MHM

Devaa · ‎09-28-2025

HI @mariusz1984katowice

It's not working as expected when CEF is disabled in IOL L3. You enable "ip cef" in SourcePC and check, it will work as expected.

Real devices will work as expected, this seems to be some bug / issue with that specific IOL L3 version.

conf t
 ip cef
end
wr