[c-nsp] unusual arp behavior

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Fri Feb 11 01:54:55 EST 2005


David J. Hughes <> wrote on Thursday, February 10, 2005 11:30 PM:

>> Nevertheless, I believe the most common type of duplicate address
>> detection is simply ARPing for your own address, for instance:
>> 
>> 19:56:04.846965 0:0:c0:e:69:cd ff:ff:ff:ff:ff:ff 0806 60: arp who-has
>> 195.1.209.35 tell 195.1.209.35
> 
> Have to agree with Steinar here.  I think the "respond to arps from
> other layer 3 subnets" is an endsystem attribute.  If you apply that
> logic to routers you immediately end up talking about proxy arp.

Just for the record: IOS drops the ARP request afher the martian source
address check:

*Feb 11 06:32:28.119: IP ARP req filtered src 0.0.0.0 0002.1765.7c85,
dst 192.168.1.200 0000.0000.0000 martian source

This has been more or less day-one behaviour.. 

	oli 



More information about the cisco-nsp mailing list