Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4462
Views
0
Helpful
6
Replies

Proxy ARP problem.

speculor_cisco
Level 1
Level 1

‎07-30-2010 03:23 AM - edited ‎03-06-2019 12:15 PM

I have sent an image of the simple network under discussion.

Even if it is only an example, I do not understand why pinging f0/1 from computer_1 Proxy ARP does not work.

Thanks.

Labels:
Preview file
698 KB
0 Helpful
6 Replies 6

Nagaraja Thanthry
Cisco Employee
Cisco Employee

‎07-30-2010 06:39 AM

Hello,

For the Proxy ARP to work, the interface IP of Fa 0/0 should be on the same major network but with a different mask. When the Computer 1 ARP's for Fa 0/1's MAC, Fa 0/0 sees the ARP request. But it will discard the ARP request as it is on a completely different major network. For the proxy-ARP to work, the routers interface and PC should be on the same IP Subnet. When the router sees the source IP address, and parses it with it's own mask, the router should see the PC in its own subnet. If not, router will just drop the ARP request. If you change your IP Scheme as below then proxy ARP will work.

Computer1 (192.168.1.2/22) ---- Fa 0/0 (192.168.1.1/24)----(Router)---Fa 0/1 (192.168.2.1/24) --- Computer 2 (192.168.2.2/22)

Hope this helps.

Regards,

NT

0 Helpful

speculor_cisco
Level 1
Level 1
In response to Nagaraja Thanthry

‎07-30-2010 07:02 AM

Thanks for the good answer.

It is incredible how a simple problem like this do not find an easy solution reading books, RFCs and other resources.

As I had found in some books, also CCIE books, that Proxy ARP worked in this manner: when an ARP request arrives to an

interface, the router responds if it knows a route for the target address, except if the route is out the interface where the request came in.

Now I know that it is not so simple. Where did you find these details? Are these details part of a standard, RFC or something like this?

Or these details are how Cisco routers work? Without considering your solution, are you sure that the only control the router adds is the control about source IP address of the ARP request and IP address of the interface that receives the request: they must be in the same network, major or not major.

Or it is better an inverse engeneering work more detailed.

0 Helpful

speculor_cisco
Level 1
Level 1
In response to speculor_cisco

‎07-30-2010 08:00 AM

May be the solution was very simple.

May be I had forgotten that a router, before doing any other operation, checks if the source IP address of the packet

belongs to the same subnet of the receiving interface, and that if it is not true the router discards the packet.

Is it always true? May be I remember that I have read something like this elsewhere.

Thanks.

0 Helpful

speculor_cisco
Level 1
Level 1
In response to speculor_cisco

‎07-30-2010 11:42 AM

With the command "debug arp" I have seen that the ARP requests with a source IP address not belonging

to the network of the router's receiving interface are discarded.

This is the final proof.

Ok and thanks.

0 Helpful

Nagaraja Thanthry
Cisco Employee
Cisco Employee
In response to speculor_cisco

‎07-30-2010 12:18 PM

Hello,

Yes. That is correct. That is default router behavior. That way, router will

not have to process data belonging to different IP subnets on the same

interface.

Regards,

NT

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to speculor_cisco

‎07-30-2010 12:20 PM

Hello,

>> May be I had forgotten that a router, before doing any other operation, checks if the source IP address of the packet

belongs to the same subnet of the receiving interface, and that if it is not true the router discards the packet.

Is it always true? May be I remember that I have read something like this elsewhere.

Edit:

yes for ARP activity sorry for my misunderstanding, this explains the results of your dynamips lab the ARP request is discarded so Proxy ARP cannot be invoked.

About IP packet processing:

No, generally speaking a router does not check the source address of the packet unless configured for doing so:

- or by using a so called anti spoofing ACL, where you specify for client vlans that you do not accept source addresses not belonging to the IP subnet associated to the VLAN (leaf with no other routers connected to this interface/network segment)

- or by enabling unicast RPF, this second mechanism checks if according to the local IP routing table the packet has been received on the same interface the local node would use to reach the packet's source address (uRPF in strict mode)

About Proxy ARP:

original RFC definition of Proxy ARP considers the same major network, Cisco implementation is looser and it looks at the IP routing table and the router answers to the ARP request with its own MAC address on the interface if a match is found in the IP routing table.

Proxy ARP is defined on RFC 1027

http://www.rfc-editor.org/rfc/rfc1027.txt

Hope to help

Giuseppe

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card