10-20-2022 12:23 AM - edited 10-20-2022 12:25 AM
We have a very basic Inter-Vlan routing setup on Cisco IE2000 switches. Devices in each Vlan can reach their respective gateways and route between each other.
Now, the problem is, some devices on Vlan 161 do not support configuration of a default gateway, so they rely on the IE2000 replying to proxy-arp requests for the devices in Vlan 302. In Wireshark, we can see these 10.252.x.x devices sending ARP requests for 10.232.x.x devices, but the IE2000 is not responding to these ARP requests. What can be the problem?
interface vlan161
description TWC
ip address 10.252.28.16 255.255.0.0
no ip redirects
no shutdown
!
!
interface vlan302
description VCCTV
ip address 10.232.28.1 255.255.255.0
no ip redirects
no shutdown
!
Proxy arp is not disabled on the SVIs or globally and I assume it is enabled by default.
10-27-2022 10:33 PM
Good news. The vendor released new software which populated the "source address" field in the ARP probes, turning them into ARP requests. Once this was done, the Cisco IE2000s responded back with proxy-arp responses and everything is now working well.
Thanks everyone for the help.
10-20-2022 08:17 AM
Would you post the output of show ip interface?
10-20-2022 06:09 PM
I will try to get this output today, but here's a "show run all" which shows that proxy-arp is enabled.
interface Vlan161
description TWC
ip address 10.252.28.16 255.255.0.0
no ip redirects
ip unreachables
ip proxy-arp
ip mtu 1500
ip load-sharing per-destination
ip pim join-prune-interval 60
ip pim dr-priority 1
ip pim query-interval 30
ip route-cache cef
ip route-cache
ip split-horizon
ip igmp last-member-query-interval 1000
ip igmp last-member-query-count 2
ip igmp query-max-response-time 10
ip igmp v3-query-max-response-time 10
ip igmp version 2
ip igmp query-interval 60
ip igmp tcn query count 2
ip igmp tcn query interval 10
load-interval 300
carrier-delay 2
no shutdown
snmp trap link-status
arp arpa
arp timeout 14400
spanning-tree port-priority 128
spanning-tree cost 0
hold-queue 75 in
hold-queue 40 out
no bgp-policy accounting input
no bgp-policy accounting output
no bgp-policy accounting input source
no bgp-policy accounting output source
no bgp-policy source ip-prec-map
no bgp-policy source ip-qos-map
no bgp-policy destination ip-prec-map
no bgp-policy destination ip-qos-map
!
10-20-2022 08:36 AM
Can you confirm that the VLAN is UP/UP?
10-20-2022 06:07 PM
Yes, devices in these Vlans which use a gateway can communicate with each other without any issues.
10-20-2022 06:10 PM
One thing we noticed is that the devices in question are sending "arp probes", not "arp requests"
Could that be the problem?
10-22-2022 07:23 AM
Thank you for the output of show run all. It does clearly show that proxy arp is enabled, which is what I was looking for when I requested show ip interface. So that potential issue is resolved.
I do have some comments about the other output that you posted:
The difference between arp probe vs arp request is that arp probe is a request for the IP address of the device that is sending the probe. This is done to detect a situation where multiple devices might be using the same IP address. If you send a probe for your IP and receive a response from another device that says that the other device is using that IP then there is duplication. It is common to send an arp probe when a device is initializing its interface. And it is not necessarily a problem if a device sends multiple probes, as this machine is doing.
So seeing probes from mac address MoxaTech:7c:70:23 is not necessarily a problem. But in the output that you posted there is an arp request from that same mac address. In the probe it indicates that the IP of the requester is 10.232.28.101. But the arp request from that same mac address indicates that the IP of the requester is 10.252.28.13. This is quite unusual. Is this one device, one mac address associated with 2 IP? Or is this 2 devices, in 2 different subnets, where both devices are using the same mac address? Can you find any more information about this?
10-25-2022 01:39 AM
In the network we have a certain brand of radio, which replaces the mac-address of everything coming from behind it with its own mac-address. That would explain why you see arp requests from another IP with the same mac-address.
We have reached out to the vendor of the sender which is sending the arp probes, they will change the probes to legitimate requests and we will see then whether the switch responds then.
10-22-2022 07:36 AM
I think I found issue here,
interface vlan161
ip address 10.252.28.16 255.255.0.0
!
interface vlan302
ip address 10.232.28.1 255.255.255.0
but I see hosts have IPs of 10.30.4.x.
The SVI with proxy replies only to hosts within its subnet,
so you need to
A- config host with same subnet of SVI
or
B- config new SVI for these host
10-22-2022 11:35 AM
My previous responses had been based on an assumption that we were dealing with a general problem with proxy arp on this switch. But reading more carefully the original post I believe that this switch has multiple vlans/multiple subnets and that most vlans/subnets can communicate successfully. So the issue here is specific to hosts in vlan 161 needing proxy arp to communicate with vlan 302. So we do not need to be concerned about any vlans/subnets/hosts other than 161 and 302. Is that understanding correct?
Would you post the output of the commands
show ip interface brief
show arp
10-25-2022 01:40 AM
Yes your understanding is correct, I will try to get this information.
10-25-2022 01:40 AM
The 10.30 hosts are not relevant to this problem.
10-22-2022 11:46 AM
Some additional thoughts about seeing multiple arp probes from the same mac address:
- if a device is sending multiple arp probes it might suggest that the device is not stable. Perhaps the device is attempting to activate its interface. It sends an arp probe to test for duplicate address. Something is not working correctly so the device resets its interface and tries to activate the interface again. Sends another arp probe. Something does not work - and the process repeats over and over again. Can you tell us anything about the device with this mac address? (I do not believe that this has anything to do with the proxy arp issue, but this would be an interesting thing to investigate)
- thinking about the possibility that multiple devices might be using this mac address - can you examine the content of the switch mac address table and see if that mac address shows up in more than one vlan? (Again I do not believe that this has anything to do with the proxy arp issue, but this would be an interesting thing to investigate)
10-22-2022 10:30 PM
Hi,
To my knowledge some network devices do not proxy-arp arp probes. In my view this behaviour perfectly makes sense as arp probe is an intended ACD mechanism as described in RFC 5227. I cannot confirm this is the case with IE2000 as I have not the box in my lab. I would suggest to try changing the network mask at those Vlan161 clients who do not support DG to 255.0.0.0 so these may broadcast arp requests instead (for Vlan302 as well).
Best regards,
Antonin
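The probe/request distinction discussed in this thread can be checked directly on captured frames. The following is an added example, not code from any poster or from Cisco: it classifies untagged Ethernet ARP frames per RFC 5227 and flags requests whose target lies outside the Vlan161 subnet, which is the case that depends on proxy ARP. The MAC address and the host addresses 10.252.28.50 and 10.232.28.50 are constructed sample values.

```python
import struct
from ipaddress import IPv4Address, IPv4Network

VLAN161 = IPv4Network("10.252.0.0/16")  # subnet of the Vlan161 SVI in the thread

def build_arp(op, sha, spa, tpa):
    """Build a constructed broadcast Ethernet/ARP frame (sample input only)."""
    eth = b"\xff" * 6 + sha + b"\x08\x06"
    hdr = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return (eth + hdr + sha + IPv4Address(spa).packed
            + b"\x00" * 6 + IPv4Address(tpa).packed)

def classify_arp(frame, local_net=VLAN161):
    """Return (kind, sender_ip, target_ip, off_subnet) for an untagged ARP frame."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        raise ValueError("not an untagged Ethernet ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not IPv4-over-Ethernet ARP")
    spa = IPv4Address(frame[28:32])   # sender protocol address
    tpa = IPv4Address(frame[38:42])   # target protocol address
    if op == 2:
        kind = "reply"
    elif op != 1:
        kind = "other"
    elif spa.is_unspecified:          # RFC 5227 probe: sender IP is 0.0.0.0
        kind = "probe"
    elif spa == tpa:                  # RFC 5227 announcement
        kind = "announcement"
    else:
        kind = "request"
    # A probe or request for a target outside the local subnet relies on proxy ARP.
    off_subnet = kind in ("probe", "request") and tpa not in local_net
    return kind, str(spa), str(tpa), off_subnet

MAC = bytes.fromhex("020000000001")   # constructed, locally administered MAC
SAMPLES = {
    "probe": build_arp(1, MAC, "0.0.0.0", "10.232.28.50"),
    "request": build_arp(1, MAC, "10.252.28.50", "10.232.28.50"),
    "announcement": build_arp(1, MAC, "10.252.28.50", "10.252.28.50"),
    "local": build_arp(1, MAC, "10.252.28.50", "10.252.28.16"),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, classify_arp(frame))
```

Frames carrying an 802.1Q tag are rejected with `ValueError`, so strip the tag or capture on an access port before feeding frames in.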
10-25-2022 01:41 AM
We have reached out to the vendor of the sender which is sending the arp probes, they will change the probes to legitimate requests and we will see then whether the switch responds then.