[c-nsp] unusual arp behavior
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Fri Feb 11 01:54:55 EST 2005
David J. Hughes <> wrote on Thursday, February 10, 2005 11:30 PM:
>> Nevertheless, I believe the most common type of duplicate address
>> detection is simply ARPing for your own address, for instance:
>>
>> 19:56:04.846965 0:0:c0:e:69:cd ff:ff:ff:ff:ff:ff 0806 60: arp who-has
>> 195.1.209.35 tell 195.1.209.35
>
> Have to agree with Steinar here. I think the "respond to arps from
> other layer 3 subnets" is an endsystem attribute. If you apply that
> logic to routers you immediately end up talking about proxy arp.
Just for the record: IOS drops the ARP request afher the martian source
address check:
*Feb 11 06:32:28.119: IP ARP req filtered src 0.0.0.0 0002.1765.7c85,
dst 192.168.1.200 0000.0000.0000 martian source
This has been more or less day-one behaviour..
oli
More information about the cisco-nsp
mailing list