CISCO EXPERT – CCIE#23373

Ricardo Martins


Cisco Expert – Proxy Arp

Posted by Ricardo Martins on June 28, 2008

I decided I should write about proxy ARP; I find it interesting. Most people are very good when it comes to configuring and understanding technologies like OSPF or BGP, but for smaller features they don't even care. I actually ran into problems last week at my work with it, so let's see what proxy ARP is all about.

In this example we will be working in LAN environments. Proxy ARP does work over point-to-point links, with slightly different results, but I don't see the need to ARP over p2p links. Over Frame Relay it is a bad idea to rely on this feature; always send traffic on a next-hop basis instead.

Basically, what we will do is configure a routing protocol or a static route between R1 and R2, generate some traffic and look into R1's ARP table. Then, without any routing protocol in place, we will again generate some traffic, look into R1's ARP table and try to understand the process. It is rather simple, but if you do not understand it you can get stuck.

Diagram below

1 – Enable a static route (it could also be a dynamic routing protocol) on R1 pointing to R2, as such:
ip route 0.0.0.0 0.0.0.0 10.10.10.2
In other words, we are not ARPing for the hosts in VLAN 20; instead we are sending traffic to the next-hop address, which is R2.

R1 arp table:
R1#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.10.10.2 0 cc01.1504.0000 ARPA FastEthernet0/0
Internet 10.10.10.3 0 cc02.1504.0000 ARPA FastEthernet0/0
Internet 10.10.10.1 – cc00.1504.0000 ARPA FastEthernet0/0

We can conclude that the PCs on VLAN 20 do not appear in R1's ARP table, yet we have IP reachability to them. That's because we are sending traffic to a next-hop address, so R1 only needs to resolve R2's MAC.

2 – No routing protocol between R1 and R2.
Disable IP routing on R1, or create a static route pointing at the interface rather than a next hop, as such:
ip route 0.0.0.0 0.0.0.0 f0/0
R2 needs ip proxy-arp enabled on f0/0 (this is the default).

R1’s arp table
R1#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.10.10.2 1 cc01.1504.0000 ARPA FastEthernet0/0
Internet 10.10.10.3 1 cc02.1504.0000 ARPA FastEthernet0/0
Internet 10.10.10.1 – cc00.1504.0000 ARPA FastEthernet0/0
Internet 192.168.20.1 1 cc01.1504.0000 ARPA FastEthernet0/0
Internet 192.168.20.2 1 cc01.1504.0000 ARPA FastEthernet0/0
Internet 192.168.20.3 1 cc01.1504.0000 ARPA FastEthernet0/0

We can see that R2 now answers every ARP request for the PCs with its own MAC address. Because R1 no longer has a next-hop address for 192.168.20.0/24, when we generate traffic towards a PC, R1 sends an ARP request (which is basically a broadcast) for the PC's own IP address, and R2, with proxy ARP enabled, replies on the PC's behalf.

How can this help us?

A week ago at work, we received a call from an administrator, let's say the administrator of VLAN 20, saying that they couldn't ping a server inside VLAN 20.
We don't have a routing protocol between R1 and R2, and after inspecting R1's ARP table, the MAC address of that server, which should have been the same as R2's MAC, in fact wasn't. We could see the MAC of the server itself.
What does this mean?
I assume someone had changed the server connection to the switch to another port that was in NO SHUT state and had VLAN 10 assigned to it, which caused R1 to learn the server's MAC.
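The check that solved this case can be automated. The following is an added example and not part of the original post: it parses IOS show arp output, looks up the MAC that the proxy-ARP peer (R2, 10.10.10.2) is using, and flags any entry outside the local subnet whose MAC is not R2's. The sample table is constructed; its last row models the misplaced server from the story.

```python
import ipaddress
import re

# Constructed sample of R1's "show arp" from step 2, plus one line modelling the
# incident: a VLAN 20 host that answered ARP with its own MAC instead of R2's.
SHOW_ARP = """\
Protocol  Address       Age (min)  Hardware Addr   Type  Interface
Internet  10.10.10.2            1  cc01.1504.0000  ARPA  FastEthernet0/0
Internet  10.10.10.3            1  cc02.1504.0000  ARPA  FastEthernet0/0
Internet  10.10.10.1            -  cc00.1504.0000  ARPA  FastEthernet0/0
Internet  192.168.20.1          1  cc01.1504.0000  ARPA  FastEthernet0/0
Internet  192.168.20.2          1  cc01.1504.0000  ARPA  FastEthernet0/0
Internet  192.168.20.3          1  cc02.aaaa.bbbb  ARPA  FastEthernet0/0
"""

# One IOS ARP row: IP, age ("-" for the router's own address), MAC, type, interface.
ARP_LINE = re.compile(
    r"^Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<age>\S+)\s+"
    r"(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s+ARPA\s+(?P<intf>\S+)$"
)

def parse_show_arp(text):
    """Return (ip, mac, interface) tuples for every Internet/ARPA row."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            entries.append((ipaddress.ip_address(m["ip"]), m["mac"].lower(), m["intf"]))
    return entries

def find_proxy_arp_anomalies(text, local_subnet, proxy_ip):
    """Flag off-subnet entries whose MAC is not the proxy-ARP router's.

    With an interface-pointing default route, every destination outside
    local_subnet should resolve to proxy_ip's MAC (R2 in the post). Any other
    MAC means a foreign host is answering ARP on this segment directly.
    """
    local = ipaddress.ip_network(local_subnet)
    entries = parse_show_arp(text)
    proxy_macs = {mac for ip, mac, _ in entries if str(ip) == proxy_ip}
    if not proxy_macs:
        raise ValueError(f"proxy router {proxy_ip} is not in the ARP table")
    proxy_mac = proxy_macs.pop()
    return [(str(ip), mac, intf) for ip, mac, intf in entries
            if ip not in local and mac != proxy_mac]

if __name__ == "__main__":
    for ip, mac, intf in find_proxy_arp_anomalies(SHOW_ARP, "10.10.10.0/24", "10.10.10.2"):
        print(f"ANOMALY {ip} -> {mac} on {intf} (expected R2's MAC)")
```

Run against a live capture of show arp, the same function also catches a host on the wrong VLAN before anyone reports a ping failure.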

That’s all folks!!
