10-20-2022 12:23 AM - edited 10-20-2022 12:25 AM
We have a very basic Inter-Vlan routing setup on Cisco IE2000 switches. Devices in each Vlan can reach their respective gateways and route between each other.
Now, the problem is, some devices on Vlan 161 do not support configuration of a default gateway, so they rely on the IE2000 replying to proxy-arp requests for the devices in Vlan 302. On wireshark, we can wee these 10.252.x.x devices sending ARP requests for 10.232.x.x devices, but the IE2000 is not responding to these ARP requests. What can be the problem?
interface vlan161
description TWC
ip address 10.252.28.16 255.255.0.0
no ip redirects
no shutdown
!
!
interface vlan302
description VCCTV
ip address 10.232.28.1 255.255.255.0
no ip redirects
no shutdown
!
Proxy arp is not disabled on the SVIs or globally and I assume it is enabled by default.
Solved! Go to Solution.
10-23-2022 02:25 AM
sorry for my last answer it some little weak because I was so so busy,
anyway
the L3 device must support proxy arp
for example IOS XR Release
Two forms of address resolution are supported by Cisco IOS XR software: Address Resolution Protocol (ARP) and proxy ARP, as defined in RFC 826 and RFC 1027, respectively. Cisco IOS XR software also supports a form of ARP called local proxy ARP.""
so there is two RFC one 826 and other 1027 <<- this for proxy-arp
but If I return to datasheet of IE2000
https://www.cisco.com/c/en/us/products/collateral/switches/industrial-ethernet-2000-series-switches/datasheet-c78-730729.html
the IE2000 support only RFC-826
so
I am sorry to inform you that IE2000 not support proxy-arp as info. share above.
10-23-2022 11:16 PM
This is very interesting. When I saw the output of show run all for the interface I was encouraged when it indicated that proxy arp seemed to be enabled. But what MHM has found certainly seems to indicate that it is not enabled. While most Catalyst/Nexus switches certainly do support proxy arp, the IE2000 is quite different and I can believe that it may not support proxy arp.
If the original poster wants to look into this further I would suggest several things:
- In interface configuration mode for the vlan interface enter the commands no ip proxy-arp, followed by ip proxy-arp. Is there any response to the commands?
- we have seen output that appears to be output from debug for arp. I would like to see some output that shows some arp responses as well as the arp requests. And then I would like to identify the IP address of one of the hosts that needs proxy arp and to see debug output showing an arp request from that IP.
- If the original poster has the ability to open a case with Cisco TAC that would provide the most authoritative answer.
10-25-2022 01:49 AM
I will try to get this information
10-25-2022 06:16 AM
Thanks for the additional information. It is interesting that there is a sender which replaces the source mac address with its own mac address. This is not necessarily a problem. A mac address needs to be unique only within its own broadcast domain. So a mac address in one subnet and the same mac address in a different subnet would not be a problem.
Most devices can send both arp probes and arp requests. If a device could send only one type of arp message then requests are more important that probes. If the sender can send only probes then that is a problem, and I am surprised that it has not been a problem for other customers. It will be interesting to see how this turns out. Please keep us updated about this.
10-25-2022 01:48 AM
That is quite unfortunate indeed. Anyways, we will be able to confirm this soon, once the arp probes change to arp requests.
10-25-2022 08:06 AM
arp probe, if IP in arp message is same as IP of host then this arp probe to check conflict
arp request, the host must ping any ip outside it subnet and then you check the wireshark for arp request
10-27-2022 10:33 PM
Good news. The vendor released new software which populated the "source address" field in the ARP probes, turning them into ARP requests. Once this was done, the Cisco IE2000s responded back with proxy-arp responses and everything is now working well.
Thanks everyone for the help.
10-28-2022 03:37 AM
can I see wireshark after it work
if you can
thanks in advance
10-30-2022 05:32 PM
Looks like the forum won't let me attach pcap files
10-29-2022 11:32 AM
Thanks for the update. Glad to know that new software from the vendor has fixed the problem and things are now working for you. I am surprised that this behavior has not been a problem for other customers.
10-30-2022 05:33 PM
Looks like the vendor had tested this with switches other than Cisco and they seem to respond via Proxy arp to arp probes, too.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide