Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1950
Views
20
Helpful
25
Replies

Proxy-Arp on Cisco IE2000

Go to solution
ronit
Level 1
Level 1

‎10-20-2022 12:23 AM - edited ‎10-20-2022 12:25 AM

We have a very basic Inter-Vlan routing setup on Cisco IE2000 switches. Devices in each Vlan can reach their respective gateways and route between each other.

Now, the problem is, some devices on Vlan 161 do not support configuration of a default gateway, so they rely on the IE2000 replying to proxy-arp requests for the devices in Vlan 302. On wireshark, we can wee these 10.252.x.x devices sending ARP requests for 10.232.x.x devices, but the IE2000 is not responding to these ARP requests. What can be the problem?

interface vlan161
description TWC
ip address 10.252.28.16 255.255.0.0
no ip redirects
no shutdown
!
!
interface vlan302
description VCCTV
ip address 10.232.28.1 255.255.255.0
no ip redirects
no shutdown
!

Proxy arp is not disabled on the SVIs or globally and I assume it is enabled by default.

Labels:
0 Helpful
25 Replies 25

Go to solution
MHM Cisco World
VIP
VIP

‎10-23-2022 02:25 AM

sorry for my last answer it some little weak because I was so so busy, 
anyway 
the L3 device must support proxy arp 
for example IOS XR Release

""ARP and Proxy ARP

Two forms of address resolution are supported by Cisco IOS XR software: Address Resolution Protocol (ARP) and proxy ARP, as defined in RFC 826 and RFC 1027, respectively. Cisco IOS XR software also supports a form of ARP called local proxy ARP.""

so there is two RFC one 826 and other 1027 <<- this for proxy-arp 

but If I return to datasheet of IE2000
https://www.cisco.com/c/en/us/products/collateral/switches/industrial-ethernet-2000-series-switches/datasheet-c78-730729.html

the IE2000 support only RFC-826
so 
I am sorry to inform you that IE2000 not support proxy-arp as info. share above. 

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to MHM Cisco World

‎10-23-2022 11:16 PM

This is very interesting. When I saw the output of show run all for the interface I was encouraged when it indicated that proxy arp seemed to be enabled. But what MHM has found certainly seems to indicate that it is not enabled. While most Catalyst/Nexus switches certainly do support proxy arp, the IE2000 is quite different and I can believe that it may not support proxy arp.

If the original poster wants to look into this further I would suggest several things:

- In interface configuration mode for the vlan interface enter the commands no ip proxy-arp, followed by ip proxy-arp. Is there any response to the commands?

- we have seen output that appears to be output from debug for arp. I would like to see some output that shows some arp responses as well as the arp requests. And then I would like to identify the IP address of one of the hosts that needs proxy arp and to see debug output showing an arp request from that IP.

- If the original poster has the ability to open a case with Cisco TAC that would provide the most authoritative answer.

HTH

Rick
0 Helpful

Go to solution
ronit
Level 1
Level 1
In response to Richard Burts

‎10-25-2022 01:49 AM

I will try to get this information

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to ronit

‎10-25-2022 06:16 AM

Thanks for the additional information. It is interesting that there is a sender which replaces the source mac address with its own mac address. This is not necessarily a problem. A mac address needs to be unique only within its own broadcast domain. So a mac address in one subnet and the same mac address in a different subnet would not be a problem.

Most devices can send both arp probes and arp requests. If a device could send only one type of arp message then requests are more important that probes. If the sender can send only probes then that is a problem, and I am surprised that it has not been a problem for other customers. It will be interesting to see how this turns out. Please keep us updated about this.

HTH

Rick
0 Helpful

Go to solution
ronit
Level 1
Level 1
In response to MHM Cisco World

‎10-25-2022 01:48 AM

That is quite unfortunate indeed. Anyways, we will be able to confirm this soon, once the arp probes change to arp requests.

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to ronit

‎10-25-2022 08:06 AM

arp probe, if IP in arp message is same as IP of host then this arp probe to check conflict 
arp request, the host must ping any ip outside it subnet and then you check the wireshark for arp request 

0 Helpful

Go to solution
ronit
Level 1
Level 1

‎10-27-2022 10:33 PM

Good news. The vendor released new software which populated the "source address" field in the ARP probes, turning them into ARP requests. Once this was done, the Cisco IE2000s responded back with proxy-arp responses and everything is now working well.

Thanks everyone for the help.

Go to solution
MHM Cisco World
VIP
VIP
In response to ronit

‎10-28-2022 03:37 AM

can I see wireshark after it work 
if you can 
thanks in advance 

0 Helpful

Go to solution
ronit
Level 1
Level 1
In response to MHM Cisco World

‎10-30-2022 05:32 PM

Looks like the forum won't let me attach pcap files

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to ronit

‎10-29-2022 11:32 AM

Thanks for the update. Glad to know that new software from the vendor has fixed the problem and things are now working for you. I am surprised that this behavior has not been a problem for other customers.

HTH

Rick
0 Helpful

Go to solution
ronit
Level 1
Level 1
In response to Richard Burts

‎10-30-2022 05:33 PM

Looks like the vendor had tested this with switches other than Cisco and they seem to respond via Proxy arp to arp probes, too.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card