[c-nsp] Bridge devices - ARP takeover

Graham Wooden graham at g-rock.net
Fri Aug 14 07:57:08 EDT 2009


Agreed on the ip proxy-arp, but if it makes the link work for the time being
... 

I am waiting for access into the radios to see if I can do a true dot1q OOB
interface on it.  I also lowered the arp timeout to just under 5 minutes.
With my SNMP interface scripts running every 5 minutes, I am hoping that
with this combination it will stay up until I am ready to completely
debug it. 

I appreciate everyone's feedback on this.

On 8/14/09 4:26 AM, "Gert Doering" <gert at greenie.muc.de> wrote:

> Hi,
> 
> On Thu, Aug 13, 2009 at 06:08:36PM -0500, Graham Wooden wrote:
>> I know - the whole thing is bizarre.  I was able to get access to that
>> remote C2621, and noticed that ip proxy-arp was disabled. I enabled it to
>> match my interface on the 6500.  It's been up for close to an hour now with
>> no issues (hopefully I just didn't jinx myself).
> 
> "ip proxy-arp" should be always disabled, unless you specifically know that
> you need it.
> 
> For a normal point-to-point link between routers, you'll never need it.
> 
> (Having proxy-arp on-by-default is one of the major design errors that
> Cisco did - it's seen as a "convenience", because it "makes things work"
> that would break otherwise.  In reality, all it does is "it hides problems",
> because mis-configured systems still work - until the point where they no
> longer work, and then it's much harder to find where the brokenness is)
> 
> 
> To me, this sounds a bit as if the *Radio* is answering the ARP requests
> on its own, for some sort of "management interface" or so.
> 
> gert



