03-03-2010 04:02 AM - edited 03-06-2019 09:58 AM
Hi
We have some problems downloading the configuration via TFTP. The problem occurred after we moved to the new WAN router. We found out that the problem is in the ARP cache of the Catalyst switches.
Both switches, C3750 and C2960, are configured as L2 switches (VLAN interface and default-gateway).
When I do a COPY RUN TFTP command and afterwards a SHOW ARP, I see an entry for the TFTP server, although the server is not in the local subnet:
C2960#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.2             0   0014.f26d.d17f  ARPA   Vlan1
Internet  192.168.5.200          39   0014.f26d.d17f  ARPA   Vlan1
Internet  192.168.1.199           -   0024.51ba.3fc0  ARPA   Vlan1
When I repeat the test with a COPY RUN FTP, the FTP session uses the normal default-GW ARP entry (no ARP entry with 192.168.5.200).
When I change the configuration on the C3750 to IP routing with a default route, then TFTP also uses the default-GW ARP entry (no entry with the TFTP server).
A sniffer trace shows that there is no ARP packet to the router when the entry is created.
Question: why does this occur with tftp and not with ftp?
Is it possible to deactivate this function?
Best regards
Bernd
03-03-2010 04:27 AM
Hello Bernd,
This is very peculiar indeed.
However, you see proxy ARP in action here:
Internet  192.168.1.2             0   0014.f26d.d17f  ARPA   Vlan1
Internet  192.168.5.200          39   0014.f26d.d17f  ARPA   Vlan1
As you can see, the MAC address of both entries is that of the gateway, 0014.f26d.d17f.
The device 192.168.1.2 has proxy ARP enabled and answers with its own MAC address for an ARP request done for 192.168.5.200 that is out of context.
This is done to help hosts that don't know their default gateway or have a wrong, shorter mask.
Note that the device should:
either use ip default-gateway for all communications
or rely on proxy ARP for all communications
What IOS image is running on the switches?
>> A sniffer trace shows that there is no ARP packet to the router when the entry is created.
Even more strange: proxy ARP would require the ARP request to be sent to the L3 device.
What device is the new router and what IOS image is running on it?
Hope to help
Giuseppe
03-03-2010 04:58 AM
Hi Giuseppe,
thank you for the fast answer.
I did the tests with 12.2(50)SE1 and 12.2(35)SE5. My customer uses 12.2(44)SE2; always the same result. The default router in my lab is a C2801. I already deactivated proxy-arp on the interfaces, with the same result; the ARP entry comes again after a copy run tftp.
The question is, why does the switch do a kind of proxy ARP with TFTP and not with FTP, Telnet or ICMP?
It would be OK if there were no default-gateway configured, but there is one; this ARP entry only happens with TFTP.
I already deactivated several services, like service dhcp, service config and so on, but the result remains the same.
My trace shows ARP packets for the default-GW when I clear the ARP cache, but no packets for the TFTP-server ARP entry.
The following is an output from the ARP:
C2960#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.2             0   0014.f26d.d17f  ARPA   Vlan1
Internet  192.168.1.199           -   0024.51ba.3fc0  ARPA   Vlan1
C2960#ping 192.168.5.200
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.200, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms
C2960#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.2             0   0014.f26d.d17f  ARPA   Vlan1
Internet  192.168.1.199           -   0024.51ba.3fc0  ARPA   Vlan1
C2960#copy run tftp://192.168.5.200/xy
Address or name of remote host [192.168.5.200]?
Destination filename [xy]?
!!
1610 bytes copied in 0.394 secs (4086 bytes/sec)
C2960#
C2960#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.2             0   0014.f26d.d17f  ARPA   Vlan1
Internet  192.168.5.200           0   0014.f26d.d17f  ARPA   Vlan1
Internet  192.168.1.199           -   0024.51ba.3fc0  ARPA   Vlan1
C2960#
C2960#clear arp-cache
C2960#
C2960#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.199           -   0024.51ba.3fc0  ARPA   Vlan1
C2960#ping 192.168.5.200
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.200, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/202/1007 ms
C2960#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.2             0   0014.f26d.d17f  ARPA   Vlan1
Internet  192.168.1.199           -   0024.51ba.3fc0  ARPA   Vlan1
ciao
Bernd
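The check both posts do by eye (an ARP entry for an address outside the local subnet that carries the gateway's MAC) can be automated when auditing saved `show arp` output. The following is an added example, not code from any poster in this thread; the /24 mask for Vlan1 and the function names are assumptions.

```python
import ipaddress
import re

# Output of "sh arp" after "copy run tftp", copied from the thread above.
SHOW_ARP = """\
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.1.2 0 0014.f26d.d17f ARPA Vlan1
Internet 192.168.5.200 0 0014.f26d.d17f ARPA Vlan1
Internet 192.168.1.199 - 0024.51ba.3fc0 ARPA Vlan1
"""
# Assumption: Vlan1 is 192.168.1.0/24 (the thread does not state the mask).
LOCAL_NETS = {"Vlan1": ipaddress.ip_network("192.168.1.0/24")}

# One resolved row: protocol, IP, age ("-" for the switch itself), MAC, type, interface.
ROW = re.compile(
    r"^Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?:-|\d+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\S+\s+(?P<intf>\S+)$",
    re.IGNORECASE,
)

def parse_show_arp(text):
    """Parse resolved ARP rows; the header and incomplete rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append({"ip": ipaddress.ip_address(m["ip"]),
                         "mac": m["mac"].lower(), "intf": m["intf"]})
    return rows

def off_subnet_entries(rows, local_nets):
    """Return entries whose IP lies outside the interface subnet, with the
    on-subnet neighbours that own the same MAC (the device answering for it)."""
    findings = []
    for r in rows:
        net = local_nets.get(r["intf"])
        if net is None or r["ip"] in net:
            continue  # unknown interface or a normal on-link neighbour
        owners = sorted(
            str(o["ip"]) for o in rows
            if o["mac"] == r["mac"] and o["intf"] == r["intf"] and o["ip"] in net
        )
        findings.append({"ip": str(r["ip"]), "mac": r["mac"],
                         "intf": r["intf"], "same_mac_as": owners})
    return findings

if __name__ == "__main__":
    for f in off_subnet_entries(parse_show_arp(SHOW_ARP), LOCAL_NETS):
        print(f"{f['intf']}: {f['ip']} -> {f['mac']} same MAC as {f['same_mac_as']}")
```

An empty `same_mac_as` list means the off-subnet address maps to a MAC that no known local neighbour uses, which deserves a closer look than the gateway case shown in the thread.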
04-27-2014 12:33 AM
Hi
I am also facing a similar issue. Were you able to find a solution?
OM: Bootstrap program is C3560 boot loader
BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(44)SE6, RELEASE SOFTWARE (fc1)
System image file is "flash:c3560-ipservicesk9-mz.122-58.SE2.bin"