[c-nsp] Problem disabling proxy-arp

Andrew Yourtchenko ayourtch at cisco.com
Wed Dec 2 18:06:57 EST 2009



On Wed, 2 Dec 2009, Jared Gillis wrote:

> Hello,
>
> I'm running some 3750s that are providing IP aggregation for customers of mine. One of the customers reported that his gateway (the 3750) was responding to ARP for his local LAN addresses. Taking a look, I realized that I forgot to disable proxy-arp on that 3750. I disabled it via the global "ip proxy arp disable" command, but it doesn't seem to have worked; the customer still says he is seeing ARP responses from the gateway, but only on PCs that have just booted. Also, "show ip int xxx" reports that proxy-arp is still live on the interface:
> #show ip int vlan101
> Vlan101 is up, line protocol is up
>  Internet address is 70.36.146.1/24
>  Broadcast address is 255.255.255.255
>  Address determined by setup command
>  MTU is 1500 bytes
>  Helper address is not set
>  Directed broadcast forwarding is disabled
>  Outgoing access list is not set
>  Inbound  access list is 100
>  Proxy ARP is enabled
>  Local Proxy ARP is disabled

This might be the result of CSCsl75648, which does not reflect the global 
state of the proxy arp in the per-interface output.

I'd suggest double-checking with a sniffer trace what exactly the ARP 
traffic between the newly booted PCs and the gateway looks like, and see 
if you can correlate it with anything in the config. Maybe there is more 
than one contributor to the overall issue - and disabling proxy-arp 
globally on the gateway solved only a part of it.

(Of course, checking if explicitly disabling proxy-arp on the interface 
would not hurt either - but even if it helps, the sniffer traces will 
be very useful to find the root cause.)

thanks,
andrew
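
The sniffer-trace check suggested above can be scripted; this is an added example, not part of the original thread. It flags ARP replies sent from the gateway's MAC that claim an IP other than the gateway's own, and notes whether the triggering request was an address probe. It assumes untagged Ethernet frames; the MAC addresses and sample frames are constructed, and only 70.36.146.1 comes from the quoted output.

```python
import ipaddress
import struct

GATEWAY_IP = "70.36.146.1"         # Vlan101 address from the output quoted above
GATEWAY_MAC = "00:11:22:33:44:55"  # constructed placeholder for the 3750's MAC
PC_MAC = "02:00:00:00:00:0a"       # constructed customer PC
ZERO = "00:00:00:00:00:00"

def parse_arp(frame):
    """Decode an untagged Ethernet/IPv4 ARP frame; return None for anything else."""
    if (len(frame) < 42 or frame[12:14] != b"\x08\x06"
            or struct.unpack("!HHBB", frame[14:20]) != (1, 0x0800, 6, 4)):
        return None
    op, sha, spa, tha, tpa = struct.unpack("!H6s4s6s4s", frame[20:42])
    mac = lambda raw: raw.hex(":")
    ip = lambda raw: str(ipaddress.IPv4Address(raw))
    return {"op": op, "sha": mac(sha), "spa": ip(spa), "tha": mac(tha), "tpa": ip(tpa)}

def find_proxy_replies(frames, gw_mac=GATEWAY_MAC, gw_ip=GATEWAY_IP):
    """List ARP replies from the gateway MAC that claim an IP other than its own."""
    asked, findings = {}, []
    for frame in frames:
        arp = parse_arp(frame)
        if arp is None:
            continue
        if arp["op"] == 1:                       # request: remember who asked for what
            asked[arp["tpa"]] = arp
        elif arp["op"] == 2 and arp["sha"] == gw_mac and arp["spa"] != gw_ip:
            req = asked.get(arp["spa"])
            # Sender IP 0.0.0.0 in the request marks an RFC 5227 address probe.
            kind = "unsolicited" if req is None else (
                "probe" if req["spa"] == "0.0.0.0" else "request")
            findings.append((arp["spa"], arp["tha"], kind))
    return findings

def build(op, sha, spa, tha, tpa):  # constructed broadcast ARP frame for the sample
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    pack = lambda a: ipaddress.IPv4Address(a).packed
    return (b"\xff" * 6 + raw(sha) + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + raw(sha) + pack(spa) + raw(tha) + pack(tpa))

SAMPLE = [  # constructed trace: PC boots, probes its own address, then resolves peers
    build(1, PC_MAC, "0.0.0.0", ZERO, "70.36.146.50"),
    build(2, GATEWAY_MAC, "70.36.146.50", PC_MAC, "0.0.0.0"),
    build(1, PC_MAC, "70.36.146.50", ZERO, "70.36.146.1"),
    build(2, GATEWAY_MAC, "70.36.146.1", PC_MAC, "70.36.146.50"),
    build(1, PC_MAC, "70.36.146.50", ZERO, "70.36.146.60"),
    build(2, GATEWAY_MAC, "70.36.146.60", PC_MAC, "70.36.146.50"),
]
```

Calling `find_proxy_replies(SAMPLE)` flags the replies for 70.36.146.50 and 70.36.146.60 and leaves the gateway's reply for its own address alone.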


