PG1X WIKI

My Knowledge Base

User Tools

Site Tools


tech:network:proxy-arp:proxy-arp

Proxy ARP

Home Physical Lab Topologies

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#int f0/1
R1(config-if)#ip proxy-arp
R1(config-if)#^Z
R1#
*Mar  4 03:54:09.886: %SYS-5-CONFIG_I: Configured from console by console
R1#sh run | i proxy

Proxy ARP enabled by default.

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#int f0/1
R1(config-if)#no ip proxy-arp
R1(config-if)#^Z
R1#
*Mar  4 03:54:28.566: %SYS-5-CONFIG_I: Configured from console by console
R1#sh run | i proxy
 no ip proxy-arp
R1#sh run int f0/1
Building configuration...

Current configuration : 112 bytes
!
interface FastEthernet0/1
 ip address 172.16.1.1 255.255.255.0
 no ip proxy-arp
 duplex auto
 speed auto
end

Configure ASW101, ASW3 for check how Proxy ARP Configuration works, and Verification.

ASW3

Oops no configuration on ASW3. configure switch vlan1 ip address and default-gateway only. rest of configuration is see start.

Switch>en
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname ASW3
ASW3(config)#
ASW3(config)#int vlan1
ASW3(config-if)#ip addr 172.16.3.3 255.255.255.0
ASW3(config-if)#no shut
ASW3(config-if)#exit
ASW3(config)#ip
07:22:06: %LINK-3-UPDOWN: Interface Vlan1, changed state to up
07:22:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to
ASW3(config)#ip defau
ASW3(config)#ip default-gateway 172.16.3.2
ASW3(config)#^Z
ASW3#
07:22:33: %SYS-5-CONFIG_I: Configured from console by console
ASW3#sh run | i default
ip default-gateway 172.16.3.2

ASW101

set ip, no default-gateway.

ASW101>en
ASW101#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
ASW101(config)#int vlan1
ASW101(config-if)#ip addr 172.16.1.101 255.255.0.0
ASW101(config-if)#no shut
ASW101(config-if)#^Z
ASW101#
*Mar  1 07:23:02.340: %SYS-5-CONFIG_I: Configured from console by console
ASW101#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
ASW101(config)#^Z
ASW101#
*Mar  1 07:23:17.339: %SYS-5-CONFIG_I: Configured from console by console
ASW101#sh run | i default

no ip proxy-arp

ASW101 think 172.16.3.3 exists same subnet. ARP Request 172.16.3.3 but no reply. because of no ip proxy-arp.

ASW101#ping 172.16.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.3.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)


ASW101#sh ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.16.1.101            -   001a.a10c.d3c0  ARPA   Vlan1

let's configure R1 f0/1 ip proxy-arp

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#int f0/1
R1(config-if)#ip pro
R1(config-if)#ip proxy-ar
R1(config-if)#ip proxy-arp
R1(config-if)#^Z
R1#
*Mar  4 05:03:12.822: %SYS-5-CONFIG_I: Configured from console by console

ASW101#ping 172.16.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.3.3, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/3/9 ms

ping successful. and has no default-gateway arp entry. ASW101 shows 172.16.3.3 arp entry. but MAC addr is R1's f0/1 own address.

ASW101#sh ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.16.1.101            -   001a.a10c.d3c0  ARPA   Vlan1
Internet  172.16.3.3              0   001b.2a77.66d3  ARPA   Vlan1

then set correct subnet mask. but no default-gateway

ASW101#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
ASW101(config)#int vlan1
ASW101(config-if)#ip addr 172.16.1.101 255.255.255.0
ASW101(config-if)#^Z
ASW101#
*Mar  1 07:30:33.647: %SYS-5-CONFIG_I: Configured from console by console

ASW101#ping 172.16.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/205/1007 ms

but still success ping…

let's clear arp table entry.

ASW101#sh ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.16.1.101            -   001a.a10c.d3c0  ARPA   Vlan1
Internet  172.16.3.3              0   001b.2a77.66d3  ARPA   Vlan1
ASW101#clea
ASW101#clear ip arp
% Incomplete command.

ASW101#clear ip arp
ASW101#clear ip arp ?
  A.B.C.D     IP address of dynamic ARP entry
  inspection  Clear State of ARP Inspection
  poll        IP ARP host polling

ASW101#clear ip arp 172.16.3.3
ASW101#sh ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.16.1.101            -   001a.a10c.d3c0  ARPA   Vlan1

ASW101#ping 172.16.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/203/1007 ms
ASW101#sh ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.16.1.101            -   001a.a10c.d3c0  ARPA   Vlan1
Internet  172.16.3.3              0   001b.2a77.66d3  ARPA   Vlan1

hmmm, R1 still reply arp request.

ASW101#sh int vlan1 | i address
  Hardware is EtherSVI, address is 001a.a10c.d3c0 (bia 001a.a10c.d3c0)
  Internet address is 172.16.1.101/24

ok, then disable proxy arp

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#int f0/1
R1(config-if)#no ip proxy-arp
R1(config-if)#^Z
R1#
*Mar  4 05:12:55.782: %SYS-5-CONFIG_I: Configured from console by console

Then, correct subnet mask no default-gateway ASW101 172.16.3.3 arp etnry exist.

ASW101#sh ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.16.1.101            -   001a.a10c.d3c0  ARPA   Vlan1
Internet  172.16.3.3              3   001b.2a77.66d3  ARPA   Vlan1
ASW101#ping 172.16.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms

still ping success let's go clear ASW101 172.16.3.3 arp etnry.

ASW101#clear ip arp 172.16.3.3
ASW101#sh ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.16.1.101            -   001a.a10c.d3c0  ARPA   Vlan1
ASW101#ping 172.16.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.3.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

ping failed!

ok final step.

set default-gateway on ASW101

ASW101(config)#int vlan1
ASW101(config-if)#exit
ASW101(config)#ip defau
ASW101(config)#ip default-gateway 172.16.1.1
ASW101(config)#^Z
ASW101#
*Mar  1 07:38:41.461: %SYS-5-CONFIG_I: Configured from console by console
ASW101#sh run | i default
ip default-gateway 172.16.1.1

ASW101#ping 172.16.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/203/1007 ms

ping success.

let's show ASW101 arp table.

ASW101#sh ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.16.1.1              0   001b.2a77.66d3  ARPA   Vlan1
Internet  172.16.1.101            -   001a.a10c.d3c0  ARPA   Vlan1

we can be seen default gateway's ARP Entry exists.

this is correct behavior.

References

tech/network/proxy-arp/proxy-arp.txt · Last modified: 2018/04/02 02:52 by 5.9.98.130