Ricardo Martins

Cisco Expert – Proxy Arp

Posted by Ricardo Martins on June 28, 2008

I decided I should write about proxy ARP; I find it interesting. Most people are very good when it comes to configuring and understanding technologies like OSPF or BGP, but they don’t even care about the smaller features. I actually ran into problems with it last week at work, so let’s see what proxy ARP is all about.

In this example we will be working in LAN environments. It does work over point-to-point links with slightly different results; however, I don’t see the need to ARP over p2p links. Over Frame Relay, it is a bad idea to try to use such a feature; instead, always send traffic on a next-hop basis.

Basically, what we will do is configure a routing protocol or a static route between R1 and R2, generate some traffic and look at R1’s ARP table. Then, without any routing protocol in place, we will again generate some traffic, look at R1’s ARP table and try to understand the process. I say it is rather simple, but if you do not understand it you can get stuck.

Diagram below

1 – Enable a static route (could be a dynamic routing protocol) on R1 pointing to R2, as such:
ip route
In other words, we are not ARPing for hosts in VLAN 20; instead, we are sending traffic towards the next-hop address, which is R2.

R1 arp table:
R1#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 0 cc01.1504.0000 ARPA FastEthernet0/0
Internet 0 cc02.1504.0000 ARPA FastEthernet0/0
Internet – cc00.1504.0000 ARPA FastEthernet0/0

We can conclude that we cannot see the PCs on VLAN 20 in R1’s ARP table, yet we have IP reachability to them. That’s because we are sending traffic to a next-hop address.

2 – No routing protocols between R1 and R2.
Either disable IP routing on R1 or create a static route as such:
ip route f0/0
R2 needs to have ip proxy-arp enabled on f0/0 (default).

R1’s arp table
R1#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 1 cc01.1504.0000 ARPA FastEthernet0/0
Internet 1 cc02.1504.0000 ARPA FastEthernet0/0
Internet – cc00.1504.0000 ARPA FastEthernet0/0
Internet 1 cc01.1504.0000 ARPA FastEthernet0/0
Internet 1 cc01.1504.0000 ARPA FastEthernet0/0
Internet 1 cc01.1504.0000 ARPA FastEthernet0/0

We can see that R2 is now responding with its own MAC address to all ARP requests for the PCs. That’s because R1 no longer has a next hop to forward to, so when we generate traffic towards a PC, R1 sends an ARP request for the PC’s address, which is basically a broadcast, and R2 answers on the PC’s behalf.

How can this help us?

A week ago at work, we received a call from an administrator, let’s say the administrator of VLAN 20, saying that they couldn’t ping a server inside VLAN 20.
We don’t have a routing protocol between R1 and R2, and after inspecting R1’s ARP table, we found that the MAC address for that server, which should have been the same as R2’s MAC, in fact wasn’t. We could see the MAC of the server itself.
What does this mean?
I assume someone had moved the server’s connection on the switch to another port that was in NO SHUT state and had VLAN 10 assigned to it, which caused R1 to learn the server’s MAC.
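
The check from this story, as an added example that is not part of the original post: parse `show arp` output and flag any host in the remote subnet whose MAC is not the proxy-ARP router's. The IP addresses, the 10.0.20.0/24 subnet and the odd MAC are constructed sample values (the page's own addresses were not preserved); cc01.1504.0000 is taken as R2's MAC, as in the tables above.

```python
import ipaddress
import re

# Constructed sample: the IPs, the subnets and the 0011.2233.4455 MAC are
# assumptions for illustration, not values from the original post.
SAMPLE_SHOW_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.10.1               -   cc00.1504.0000  ARPA   FastEthernet0/0
Internet  10.0.10.2               1   cc01.1504.0000  ARPA   FastEthernet0/0
Internet  10.0.20.10              1   cc01.1504.0000  ARPA   FastEthernet0/0
Internet  10.0.20.11              1   cc01.1504.0000  ARPA   FastEthernet0/0
Internet  10.0.20.50              3   0011.2233.4455  ARPA   FastEthernet0/0
"""

# One data row of IOS "show arp": protocol, IP, age, MAC, type, interface.
ROW = re.compile(
    r"^Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<age>-|\d+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+ARPA\s+(?P<intf>\S+)",
    re.IGNORECASE,
)


def parse_show_arp(text):
    """Return a list of (ip, mac, interface) tuples; the header row is skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            entries.append((ipaddress.ip_address(m["ip"]), m["mac"].lower(), m["intf"]))
    return entries


def find_proxy_arp_anomalies(text, remote_net, proxy_mac):
    """Flag entries inside remote_net whose MAC is not the proxying router's.

    With proxy ARP, every host behind R2 should resolve to R2's MAC on R1.
    Any other MAC means that host is answering ARP on R1's own segment.
    """
    net = ipaddress.ip_network(remote_net)
    return [
        (str(ip), mac, intf)
        for ip, mac, intf in parse_show_arp(text)
        if ip in net and mac != proxy_mac.lower()
    ]


if __name__ == "__main__":
    for ip, mac, intf in find_proxy_arp_anomalies(SAMPLE_SHOW_ARP, "10.0.20.0/24", "cc01.1504.0000"):
        print(f"{ip} on {intf} resolves to {mac}, not the proxy-ARP router")
```
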

That’s all folks!!


12 Responses to “Cisco Expert – Proxy Arp”

  1. renHoink said

    Thank you

  2. D S Raju said

    It’s good. It also throws some light on the difference between next hop routing and interface routing.

  3. Imran Khan said

    Nice demo …
    it clears out small things ……

  7. Felipe said

    Thank you very much

  8. Bonkers said

    Without putting this through a lab myself to see it working first hand, I do not understand why the router would do an ARP request for an IP on a different subnet. Typically a router will ARP request only when the destination is on the same subnet as itself. This lab design does not make sense.

    • Bonkers said

      I think I get it, because of interface routing it will do ARP for IP not on its own subnet. Still haven’t labbed it but now very curious to see it in action.
