[c-nsp] Problem disabling proxy-arp
Andrew Yourtchenko
ayourtch at cisco.com
Wed Dec 2 18:06:57 EST 2009
On Wed, 2 Dec 2009, Jared Gillis wrote:
> Hello,
>
> I'm running some 3750s that are providing IP aggregation for customers of mine. One of the customers reported that his gateway (the 3750) was responding to ARP for his local LAN addresses. Taking a look, I realized that I forgot to disable proxy-arp on that 3750. I disabled it via the global "ip proxy arp disable" command, but it doesn't seem to have worked; the customer still says he is seeing ARP responses from the gateway, but only on PCs that have just booted. Also, "show ip int xxx" reports that proxy-arp is still live on the interface:
> #show ip int vlan101
> Vlan101 is up, line protocol is up
> Internet address is 70.36.146.1/24
> Broadcast address is 255.255.255.255
> Address determined by setup command
> MTU is 1500 bytes
> Helper address is not set
> Directed broadcast forwarding is disabled
> Outgoing access list is not set
> Inbound access list is 100
> Proxy ARP is enabled
> Local Proxy ARP is disabled
This might be the result of CSCsl75648, which does not reflect the global
state of the proxy arp in the per-interface output.

I'd suggest double-checking with a sniffer trace what exactly the ARP
traffic between the newly booted PCs and the gateway looks like, and seeing
if you can correlate it with anything in the config. Maybe there is more
than one contributor to the overall issue - and disabling proxy-arp
globally on the gateway solved only a part of it.

(Of course, checking if explicitly disabling proxy-arp on the interface
helps would not hurt either - but even if it helps, the sniffer traces will
be very useful to find the root cause.)

thanks,
andrew
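
The trace check suggested in the reply above, as an added example that is not part of the original thread: it parses ARP frames and lists replies sent from the gateway's MAC that claim an IP other than the gateway's own. The MAC addresses, the host address 70.36.146.50 and all frames are constructed; only 70.36.146.1 comes from the quoted output.

```python
import socket
import struct

GATEWAY_IP = "70.36.146.1"         # Vlan101 address from the quoted output
GATEWAY_MAC = "02:00:00:00:00:01"  # constructed placeholder
PC_MAC = "02:00:00:00:00:50"       # constructed placeholder

def build_arp(op, sha, spa, tha, tpa):
    """Build a constructed Ethernet+ARP frame (op 1 = request, 2 = reply)."""
    raw = lambda mac: bytes.fromhex(mac.replace(":", ""))
    eth = (b"\xff" * 6 if op == 1 else raw(tha)) + raw(sha) + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return (eth + arp + raw(sha) + socket.inet_aton(spa)
            + raw(tha) + socket.inet_aton(tpa))

def parse_arp(frame):
    """Return (op, sha, spa, tpa) for an IPv4/Ethernet ARP frame, else None."""
    off = 12
    if frame[off:off + 2] == b"\x81\x00":  # skip one 802.1Q tag if present
        off += 4
    if len(frame) < off + 30 or frame[off:off + 2] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[off + 2:off + 10])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    body = frame[off + 10:off + 30]
    return (op, body[:6].hex(":"), socket.inet_ntoa(body[6:10]),
            socket.inet_ntoa(body[16:20]))

def gateway_answers_for_others(frames, gw_mac=GATEWAY_MAC, gw_ip=GATEWAY_IP):
    """List (claimed_ip, asker_ip) for replies from the gateway MAC for a foreign IP."""
    hits = []
    for arp in filter(None, map(parse_arp, frames)):
        op, sha, spa, tpa = arp
        if op == 2 and sha == gw_mac.lower() and spa != gw_ip:
            hits.append((spa, tpa))
    return hits

SAMPLE = [  # constructed frames, not a capture from the thread
    build_arp(1, PC_MAC, "0.0.0.0", "00:00:00:00:00:00", "70.36.146.50"),   # address probe
    build_arp(2, GATEWAY_MAC, "70.36.146.50", PC_MAC, "0.0.0.0"),           # gateway answers it
    build_arp(1, PC_MAC, "70.36.146.50", "00:00:00:00:00:00", GATEWAY_IP),  # request for gateway
    build_arp(2, GATEWAY_MAC, GATEWAY_IP, PC_MAC, "70.36.146.50"),          # legitimate reply
]

if __name__ == "__main__":
    for claimed, asker in gateway_answers_for_others(SAMPLE):
        print(f"gateway MAC answered for {claimed} (asker {asker})")
```

An asker address of 0.0.0.0 in a flagged reply means the request was an address probe (RFC 5227), which hosts send before configuring an address.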