[c-nsp] Bridge devices - ARP takeover
Graham Wooden
graham at g-rock.net
Fri Aug 14 07:57:08 EDT 2009
Agreed on the ip proxy-arp, but if it makes the link work for the time being
...
I am waiting access into the radios to see if I can do a true dot1q OOB
interface on it. I also lowered the arp timeout to just under 5 minutes.
With my SNMP interface scripts running every 5 minutes, I am hoping that
with this combination, that it will stay up until I am ready to completely
debug it.
I appreciate everyone's feedback on this.
On 8/14/09 4:26 AM, "Gert Doering" <gert at greenie.muc.de> wrote:
> Hi,
>
> On Thu, Aug 13, 2009 at 06:08:36PM -0500, Graham Wooden wrote:
>> I know - the whole thing is bizarre. I was able to get access to that
>> remote C2621, and noticed that ip proxy-arp was disabled. I enabled it to
>> match my interface on the 6500. It's been up for close to an hour now with
>> no issues (hopefully I just didn't jinx myself).
>
> "ip proxy-arp" should be always disabled, unless you specifically know that
> you need it.
>
> For a normal point-to-point link between routers, you'll never need it.
>
> (Having proxy-arp on-by-default is one of the major design errors that
> Cisco did - it's seen as a "convenience", because it "makes things work"
> that would break otherwise. In reality, all it does is "it hides problems",
> because mis-configured systems still work - until the point where they no
> longer work, and then it's much harder to find where the brokenness is)
>
>
> To me, this sounds a bit as if the *Radio* is answering the ARP requests
> on its own, for some sort of "management interface" or so.
>
> gert
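
An added example, not part of the original thread: one way to check whether another device (such as the radio) has started answering ARP for the neighbor's address is to compare two polls of the router's ARP table. It assumes the polls are saved as `show ip arp` text; the addresses, MACs and interface name are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed samples in Cisco IOS "show ip arp" layout (documentation
# address and MAC ranges); two polls of the same router, minutes apart.
POLL_1 = """\
Protocol  Address      Age (min)  Hardware Addr   Type   Interface
Internet  192.0.2.1           -   0000.5e00.5301  ARPA   Vlan100
Internet  192.0.2.2           3   0000.5e00.5302  ARPA   Vlan100
Internet  192.0.2.10          1   0000.5e00.5310  ARPA   Vlan100
"""
POLL_2 = """\
Protocol  Address      Age (min)  Hardware Addr   Type   Interface
Internet  192.0.2.1           -   0000.5e00.5301  ARPA   Vlan100
Internet  192.0.2.2           0   0000.5e00.5310  ARPA   Vlan100
Internet  192.0.2.10          2   0000.5e00.5310  ARPA   Vlan100
"""

# One data row; "Incomplete" entries have no MAC and are skipped.
ROW = re.compile(
    r"^Internet[ \t]+(?P<ip>\d+(?:\.\d+){3})[ \t]+(?P<age>-|\d+)[ \t]+"
    r"(?P<mac>[0-9a-f]{4}(?:\.[0-9a-f]{4}){2})[ \t]+ARPA[ \t]+(?P<ifc>\S+)",
    re.I | re.M)

def parse_arp(text):
    """Return {ip: (mac, interface, is_local)}; age '-' marks the router's own address."""
    return {m["ip"]: (m["mac"].lower(), m["ifc"], m["age"] == "-")
            for m in ROW.finditer(text)}

def mac_changes(before, after):
    """IPs whose MAC differs between two polls: another device now answers ARP."""
    return {ip: (before[ip][0], after[ip][0])
            for ip in before.keys() & after.keys()
            if before[ip][0] != after[ip][0]}

def shared_macs(table):
    """Learned MACs answering for several IPs (proxy-ARP, or a bridge replying itself)."""
    by_mac = defaultdict(list)
    for ip, (mac, _ifc, is_local) in table.items():
        if not is_local:
            by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

if __name__ == "__main__":
    t1, t2 = parse_arp(POLL_1), parse_arp(POLL_2)
    print("MAC changed:", mac_changes(t1, t2))
    print("Shared MACs:", shared_macs(t2))
```
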