[c-nsp] ARP entries from another subnet

Jared Mauch jared at puck.nether.net
Wed May 31 09:42:09 EDT 2006


On Wed, May 31, 2006 at 02:55:59PM +0200, Vincent De Keyzer wrote:
> Well, I thought about proxy-arp.

	Try turning it off anyways, proxy-arp just supports
broken netmasks/network configurations anyways and people's hosts
should be clean now.

	I find it frequently used to drive up the CPU load on various
cisco devices when it shouldn't be used.  Watch that CPU usage come down
when you disable it, but if anyone has the wrong netmask they may
'break', or if you have any silly routes that say:

ip route 1.2.3.0 255.255.255.0 FastEthernet0

	they won't work anymore either, but you likely didn't mean
to do that anyways.

	- jared

> But if it was proxy-arp, I would have seen Ra's MAC address in Ha's ARP
> table... and what I was seeing was Hb's MAC address!
> 
> At least that's what I understand from Proxy ARP as described by Cisco at
> http://www.cisco.com/warp/public/105/5.html.
> 
> Vincent
> 
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net
> > [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jared Mauch
> > Sent: Tuesday 30 May 2006 14:04
> > To: Vincent De Keyzer
> > Cc: cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] ARP entries from another subnet
> > 
> > 	You may want to disable proxy-arp on
> > your interfaces.
> > 
> > 	int fastethernet x/y
> > 	no ip proxy-arp
> > 
> > 	- jared
> > 
> > On Mon, May 29, 2006 at 05:00:31PM +0200, Vincent De Keyzer wrote:
> > > Hello,
> > >
> > >
> > >
> > > I have the following weird situation:
> > >
> > > * two LANs, A and B
> > >
> > > * LAN A has IP 10.1.1.0/24
> > >
> > > * LAN B has IP 10.2.2.0/24
> > >
> > > * def. gateway for LAN A is router Ra = 10.1.1.1
> > >
> > > * def. gateway for LAN B is router Rb = 10.2.2.1
> > >
> > > * Ra and Rb are connected together via a network (cloud)
> > >
> > > * host Ha = 10.1.1.10 is on LAN A
> > >
> > > * host Hb = 10.2.2.10 is on LAN B
> > >
> > >
> > >
> > > Now, something went wrong and LAN A and LAN B ended up connected together
> > > (say: a UTP cable between the two switches).
> > >
> > >
> > >
> > > Within the ARP table of Ha, there was an entry for 10.2.2.10! So to reach
> > > Hb, it would go directly instead of using its default gateway (Ra).
> > >
> > >
> > >
> > > How did this ARP entry arrive in there?
> > >
> > >
> > >
> > > Vincent
> > >
> > >
> > >
> > > PS: Ha is a Catalyst 2950.
> > >
> > >
> > >
> > > _______________________________________________
> > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > 
> > --
> > Jared Mauch  | pgp key available via finger from jared at puck.nether.net
> > clue++;      | http://puck.nether.net/~jared/  My statements are only mine.

-- 
Jared Mauch  | pgp key available via finger from jared at puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
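
Added example, not part of the original thread: a Python sketch that applies the distinction drawn in the quoted reply (a proxy-ARP answer carries the router's MAC, a direct answer carries the remote host's own MAC) to an ARP table in the IOS `show ip arp` layout. The sample table, its MAC addresses, the `Vlan1` interface name and the 10.3.3.7 entry are constructed for illustration; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the "show ip arp" layout; all MACs are made up.
SAMPLE = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.1.1               12   0000.0c11.1111  ARPA   Vlan1
Internet  10.1.1.10               -   0000.0caa.aaaa  ARPA   Vlan1
Internet  10.2.2.10               3   0000.0cbb.bbbb  ARPA   Vlan1
Internet  10.3.3.7                5   0000.0c11.1111  ARPA   Vlan1
"""

ROW = re.compile(
    r"^Internet\s+(\S+)\s+(\S+)\s+([0-9a-f.]{14})\s+\S+\s+(\S+)\s*$", re.I)


def audit(arp_text, connected, gateways):
    """Flag ARP entries that lie outside the interface's connected subnet.

    connected: {interface: "a.b.c.d/len"}, gateways: {interface: router IP}.
    Returns (ip, mac, interface, verdict) tuples.
    """
    rows = [m.groups() for m in map(ROW.match, arp_text.splitlines()) if m]
    # Learn each gateway's MAC from its own on-subnet ARP entry.
    gw_mac = {intf: mac for ip, _age, mac, intf in rows
              if gateways.get(intf) == ip}
    findings = []
    for ip, _age, mac, intf in rows:
        if intf not in connected:
            continue  # no subnet known for this interface, cannot judge
        if ipaddress.ip_address(ip) in ipaddress.ip_network(connected[intf]):
            continue  # normal on-subnet neighbour
        if mac == gw_mac.get(intf):
            verdict = "proxy-arp"   # the router answered for the target
        else:
            verdict = "direct-l2"   # the target answered: subnets share a wire
        findings.append((ip, mac, intf, verdict))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE, {"Vlan1": "10.1.1.0/24"}, {"Vlan1": "10.1.1.1"}):
        print(*f)
```

A `direct-l2` finding matches the situation in the original question (Hb's own MAC in Ha's table) and points at the two LANs being bridged rather than at proxy-arp.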

