Hm, I understood your answer, this could probably the case as you mentioned.

But if the ARP Proxy is in place, shouldn't the ping work without even having the gateway added? Or work with any possible gateway? I'm asking because the only way this works in PT is by having an IP from the other network (any IP) as gateway.

So for example, for the laptop0 which is 192.168.1.0 network the gateway has to be 192.168.2.X from the other network. I found this behavior pretty strange. Any other ideas?

Thanks for your time,

Mihai

having no default gateway set on PC means do not go outside of your local network, aka no remote network reach-ability. You will not be able to reach the Internet, only your local subnet and local network.  PC will do check by comparing IP and subnet mask to see whether destination is local or remote.  This "check" happens before any communication can happen.

if destination is on the local LAN, no gateway is needed, PCA needs only MAC of PCB.  IF destination is not local, meaning remote network like Internet,  PC will look for default gateway. 

If I have a little time for labbing, I will test your set up on real router with proxy arp on and off.

Regards, ML
**Please Rate All Helpful Responses **

Cool! That would be awesome! I think I'm missing something

Regards, 

Mihai

I am not clear about what is going on here. Assuming that the PC has a correct address, perhaps 192.168.1.11 and attempts to ping a correct destination such as 192.168.2.22 whether it works or not depends on what is configured as default gateway on the PC?

- so if the configured default gateway on PC is 192.168.2.1 it works?

- so if the configured default gateway on PC is 192.168.2.33 it works?

- so if the configured default gateway on PC is 192.168.3.1 it does not work?

GNS3 PC does not allow to set d.g which is out of your subnet; So I could not test it exactly as your PT setup.  Proxy ARP did not matter in that case.  Proxy ARP works as it should based on example of Proxy Arp from CCIE RS v4 book by W. Odom.  My Win 7 PC lets me set up "wrong" d.g but gives me a warning.  So, not 100% but PT could have a bug since you should not be allowed to set up d.g. on different network that your own.  Still I am waiting for CML to do a test with Linux PCs.  One thing is clear, Without any d.g, pings to outside your subnet will fail. 

Regards, ML
**Please Rate All Helpful Responses **

Thank you for the explanation, this definitely makes things clearer. Now I see why setting up a gateway from the second subnet would ARP, but setting it up on another subnet or not setting at all will fail. 

Regards,

Mihai

Martin has done a good test using CML and confirms that proxy arp is an important part of how ping can work when the default gateway is not configured correctly. As I understand his results he was not able to test the situation where the host default gateway was in 192.168.2.x network and ping worked as reported by Mihai but ping did not work if the default gateway was in some other subnet. I believe that this reinforces that the real issue in this discussion is the behavior of host PCs in PT and not the behavior of routers or switches.

Here are results from CML using Routers as hosts (no ip route and ip default-gateway xxxx)

No Proxy Arp on any routers, results with wrong gateway pings failed !!!

With Proxy enabled on "routing" router, results are pings are OK even with wrong gateway on 1 end -similar to your example.

IOSv Software (VIOS-ADVENTERPRISEK9-M), Version 15.8(3)M2, RELEASE SOFTWARE (fc2)

Router#
Router#sh ip int br
GigabitEthernet0/4 10.0.0.11 /24  

!

Default gateway is 10.10.10.11

Host Gateway Last Use Total Uses Interface
ICMP redirect cache is empty
Router#
Router(config)#do sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.0.0.11 - 5254.0014.33c1 ARPA GigabitEthernet0/4

!

Router#ping 10.10.10.11 repeat 2
Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 10.10.10.11, timeout is 2 seconds:
..
Success rate is 0 percent (0/2)
Router#ping 10.10.10.1 repeat 2
Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:
..
Success rate is 0 percent (0/2)
--------------------------

Turning Proxy ARP on,

R0(config)#no ip arp proxy disable

Router#ping 10.10.10.11 repeat 2
Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 10.10.10.11, timeout is 2 seconds:
!!
Success rate is 100 percent (2/2), round-trip min/avg/max = 7/8/9 ms

R0#sh run all | in arp
no ip arp proxy disable
no ip arp gratuitous type rfc-3220
ip arp queue 512
ip arp incomplete retry 20
ip arp incomplete entries 5000
ip gratuitous-arps non-local
ip proxy-arp
arp arpa
arp timeout 14400

In summary, ARP helps. Only with routers as PCs and Proxy ARP disabled on all 3 routes, you will get same result as your PT test.  Using Linux, I were unable to set up wrong gateway. same for GNS3 PCs.  

Attached are configs and CML import file if you want test it - using routers as PCs. You can use DevNet Sandbox

Regards, ML
**Please Rate All Helpful Responses **