I believe the following diagram will give a brief idea of what Proxy ARP does. By default, all Cisco routers have proxy ARP enabled on their interfaces.
Description
Typically, when an interface with IP address 'IP1' receives an ARP request for IP1, it sends an ARP response containing its own MAC address.
Suppose 'proxy ARP' is enabled on an interface (say Gi0/1), and the other interfaces (Gi0/2, Gi0/3) of the network device are configured with other networks (IP2, IP3). If Gi0/1 receives an ARP request for any IP address in IP2 or IP3, Gi0/1 sends out an ARP response with its own MAC address.
The 'proxy ARP' configuration gives that interface the authority to answer on behalf of those other networks.
Demonstration
I picked a router with the following interfaces and IP addresses.
Configurations in the router will be as follows:
Router(config)#
Router(config)#int gigabitEthernet 0/0
Router(config-if)#ip address 192.168.0.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#exit
Router(config)#int gigabitEthernet 0/1
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#exit
Router(config)#int gigabitEthernet 0/2
Router(config-if)#ip address 192.168.2.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#exit
If you observe, Laptop0 has subnet mask 255.0.0.0 while the others have 255.255.255.0. I did it for a reason. If I ping 192.168.2.x or 192.168.3.x from Laptop0, it initially generates an ARP request for that particular IP address. If I keep the subnet mask as 255.255.255.0 and issue a ping to 192.168.2.x or 192.168.3.x, it will generate an ARP request for the default IP address configured. An explanation of this needs a separate post, which I am planning to do later.
For this post, just remember that with this configuration I will be able to generate ARP requests for 192.168.2.x or 192.168.3.x IP addresses.
C:\>arp -a
No ARP Entries Found

C:\>ping -n 1 192.168.0.1
Pinging 192.168.0.1 with 32 bytes of data:
Reply from 192.168.0.1: bytes=32 time<1ms TTL=255
Ping statistics for 192.168.0.1:
Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),

C:\>ping -n 1 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time<1ms TTL=255
Ping statistics for 192.168.1.1:
Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),

C:\>ping -n 1 192.168.1.100
Pinging 192.168.1.100 with 32 bytes of data:
Request timed out.
Ping statistics for 192.168.1.100:
Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),

C:\>ping -n 1 192.168.1.101
Pinging 192.168.1.101 with 32 bytes of data:
Request timed out.
Ping statistics for 192.168.1.101:
Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),

C:\>ping -n 1 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Request timed out.
Ping statistics for 192.168.2.1:
Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
Initially, we made sure no ARP entries were present. We then issued pings to:
- 192.168.0.1 (its own network on Gi0/0)
- 192.168.1.1 and 192.168.1.100 (address in the network of another interface, Gi0/1) (existing IP address)
- 192.168.1.101 (address in the network of another interface, Gi0/1) (this IP address is not present)
- 192.168.2.1 (address in the network of another interface, Gi0/2) (existing IP address)
When we look at the ARP entries:
1  C:\>arp -a
2  Internet Address      Physical Address      Type
3  192.168.0.1           0040.0b1a.9a01        dynamic
4  192.168.1.1           0040.0b1a.9a01        dynamic
5  192.168.1.100         0040.0b1a.9a01        dynamic
6  192.168.1.101         0040.0b1a.9a01        dynamic
Line 3: this is the conventional ARP response carrying Gi0/0's MAC address.
Lines 4 and 5: Gi0/0 responded with its own MAC address for addresses in the network attached to Gi0/1.
Line 6: irrespective of whether the IP address exists or not, if Gi0/0 gets an ARP request for any IP address in the 192.168.1.x network, it responds with its own MAC address.
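The pattern in lines 3 to 6, one MAC address answering for several IP addresses including ones outside the laptop's real segment, can be picked out of a host's ARP cache automatically. The following is an added example, not part of the original post; it parses the table shown above, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# ARP table copied from the "arp -a" output shown in this post.
ARP_OUTPUT = """\
Internet Address      Physical Address      Type
192.168.0.1           0040.0b1a.9a01        dynamic
192.168.1.1           0040.0b1a.9a01        dynamic
192.168.1.100         0040.0b1a.9a01        dynamic
192.168.1.101         0040.0b1a.9a01        dynamic
"""

# One entry line: IPv4 address, MAC (dotted, colon or dash notation), entry type.
ENTRY = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9A-Fa-f.:-]{12,17})\s+(\w+)\s*$")

def parse_arp_table(text):
    """Return {normalized_mac: [ip, ...]}; header and blank lines are skipped."""
    by_mac = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            mac = re.sub(r"[^0-9a-f]", "", m.group(2).lower())
            by_mac[mac].append(ipaddress.ip_address(m.group(1)))
    return dict(by_mac)

def proxy_arp_suspects(by_mac, local_segment):
    """MACs that answer for several IPs, mapped to the IPs lying outside local_segment."""
    segment = ipaddress.ip_network(local_segment)
    report = {}
    for mac, ips in by_mac.items():
        off_segment = [str(ip) for ip in ips if ip not in segment]
        if len(ips) > 1 and off_segment:
            report[mac] = off_segment
    return report

if __name__ == "__main__":
    table = parse_arp_table(ARP_OUTPUT)
    # 192.168.0.0/24 is the network actually configured on Gi0/0, Laptop0's wire.
    for mac, ips in proxy_arp_suspects(table, "192.168.0.0/24").items():
        print(f"{mac} answers for off-segment addresses: {', '.join(ips)}")
```

ARP cache poisoning leaves the same signature in a cache, so a flagged MAC should be compared against the known MAC of the router interface on that segment.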
Bonus Tip
You must have noticed that I issued a ping to 192.168.2.1 (Gi0/2), but the ARP entry is not present. This is because the operational status of that interface is down. So, we placed a switch on it to make it 'up'. Now proxy ARP works as usual.
[Figure: placed a switch to make Gig0/2 operational status 'up']
C:\>arp -a
No ARP Entries Found

C:\>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Reply from 192.168.2.1: bytes=32 time=1ms TTL=255
Reply from 192.168.2.1: bytes=32 time<1ms TTL=255
Ping statistics for 192.168.2.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

C:\>ping 192.168.2.100
Pinging 192.168.2.100 with 32 bytes of data:
Ping statistics for 192.168.2.100:
Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),

C:\>arp -a
Internet Address      Physical Address      Type
192.168.2.1           0040.0b1a.9a01        dynamic
192.168.2.100         0040.0b1a.9a01        dynamic
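The two decisions this post relies on, which address the host ARPs for under each subnet mask and when the router answers on behalf of another interface, can be modelled in a few lines. This is an added example, not code from the original post, and a simplified model rather than Cisco's implementation; Laptop0's address 192.168.0.10 and gateway 192.168.0.1 are assumed, since the post does not state them.

```python
import ipaddress

ROUTER_MAC = "0040.0b1a.9a01"  # MAC seen in the arp -a output on this page

def host_arp_target(host_ip, mask, gateway, dst):
    """IP the host ARPs for: dst if its own mask says dst is on-link, else the gateway."""
    local_net = ipaddress.ip_interface(f"{host_ip}/{mask}").network
    return dst if ipaddress.ip_address(dst) in local_net else gateway

class Router:
    """Simplified model of the replies observed in this post, not Cisco's implementation."""

    def __init__(self, mac, interfaces):
        # interfaces: {name: ("ip/prefix", operational_status_up)}
        self.mac = mac
        self.ifs = {n: (ipaddress.ip_interface(a), up) for n, (a, up) in interfaces.items()}

    def arp_reply(self, rx_if, target, proxy_arp=True):
        """MAC placed in the ARP reply sent out of rx_if, or None if the router stays silent."""
        target = ipaddress.ip_address(target)
        rx_addr, rx_up = self.ifs[rx_if]
        if not rx_up:
            return None
        if target == rx_addr.ip:
            return self.mac          # conventional reply for the interface's own address
        if not proxy_arp or target in rx_addr.network:
            return None              # hosts on the same segment answer for themselves
        for name, (addr, up) in self.ifs.items():
            if name != rx_if and up and target in addr.network:
                return self.mac      # proxy reply on behalf of another connected network
        return None

def lab_router(gi02_up):
    """The three interfaces configured above; Gi0/2 is down until the switch is attached."""
    return Router(ROUTER_MAC, {
        "Gi0/0": ("192.168.0.1/24", True),
        "Gi0/1": ("192.168.1.1/24", True),
        "Gi0/2": ("192.168.2.1/24", gi02_up),
    })

if __name__ == "__main__":
    laptop, gw = "192.168.0.10", "192.168.0.1"   # assumed values, not given in the post
    for mask in ("255.0.0.0", "255.255.255.0"):
        print(mask, "-> ARP for", host_arp_target(laptop, mask, gw, "192.168.2.100"))
    for up in (False, True):
        reply = lab_router(up).arp_reply("Gi0/0", "192.168.2.100")
        print("Gi0/2 up" if up else "Gi0/2 down", "->", reply)
```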