Re: Static ARP binding with interface on CSR 1000v

Maxim Denisov · ‎06-30-2014

Hello,

I'm stuck trying to accommodate CSR 1000v to OVH network policy. There is a server with ESXi and 2 VMs - ASAv and CSR 1000v. OVH provides classic ip assignment to first address (ESXi) only, other addresses are provided as "failover". As far as I understood they do not route addresses but allows to configure static ARP bindings on their side. For example there is a 10.1.1.254/24 (00ff.ffff.ffff MAC) on OVH side and 10.1.1.36/24 on my side. I have requested 2 "failover" addresses for VMs - 10.1.2.4/32 and 10.1.3.4/32. On ASAv I have configured shortest available prefix /29 on interface, configured 0.0.0.0/0 route to 10.1.1.254 and configured static ARP binding 10.1.1.254 to 00ff.ffff.ffff on outside interface, this works. I tried to do the same on CSR 1000v but unlike ASAv I can't bind interface with this static ARP:

DC1-RTR1#arp 10.1.1.254 00ff.ffff.ffff arpa gi4
Bad ARP command - Interface may only be specified when bridging IP

I there workaround?

Regards,
Maxim

Maxim Denisov · ‎07-02-2014

I found a workaround - configured arp 10.1.1.254 00ff.ffff.ffff alias, configured 10.1.1.4/24 as secondary address on interface and disabled arp arpa. Not a perfect solution but it works.

Greg Chlopowiec · ‎02-06-2018

Hi Maxim,

I have a dedicated server at OVH with similar setup like yours, that is 6 VMs running on ESXi and ASAv protecting it. I'm having hard time configuring ovh's "failover ip"to my VMs ("failover ip" statically mapped to vm private ip). Whatever I do, it just doesn't want to work: no communication from "outside" to "inside". Did you manage to successfully setup ovh networking so that please from 'outside' can access your servers 'inside' or 'dmz'?

Static ARP binding with interface on CSR 1000v

Ataques L2 - Arp spoofing

Nexus 1000V安装

Static NAT の設定例

Interface 監視用 OID について

DHCP Static Binding on Cisco IOS