Proxy ARP Explained

Hi Deepak,

By default, proxy ARP is enabled. If you configure an IP address on a router interface then the router can respond to ARPs.

Rene

Hi Rene, thanks.

Hi Rene,

I have a question. Does each interface in a router have a different MAC address? If the router has 5 interfaces, will it have 5 MAC addresses (one for each port) along with the router base MAC address? In the above example I see 10.1.1.254 and 10.2.2.254 have different MAC addresses. What is the advantage of having a router base MAC address?

Also, for layer 2 switches, how will the MAC addresses be assigned? If it is a 24 port switch, how many MAC addresses will it have in addition to the base MAC address? I am asking this because when we see how switches learn MAC addresses, only the MAC address of the host machine is described and not the MAC address of the port.

Can you please clarify?

Hi Ananth,

Each router interface has a different MAC address, yes. Unlike switches, they don’t have a “base” MAC address.

Switches have a different MAC address for each of their interfaces. They also have a base MAC address that is used for certain protocols (like STP).

Rene

Thanks, Rene.

But I have a question here. If switches have different MAC addresses for their interfaces, then during MAC learning only the MAC of the host is learnt in the MAC address table. What is the significance of the MAC addresses of the switch ports? If a host with MAC AAA is connected to port 1/1, what about the MAC address of port 1/1 and how does it actually participate in MAC learning?

Ananth

Hello Ananth!

MAC address learning that occurs on a switch involves the learning of the MAC addresses that are attached to the specific interface. For example, if interface Fa0/1 is connected to PC1 with MAC Address A:B:C:D:E:F, then this MAC address will be used to populate the MAC address table. The Fa0/1 interface does not need to learn its own MAC address. What happens if interface Fa0/1 is connected to interface Fa0/2 of another switch? Won’t the MAC address of Fa0/2 of that switch be included in the MAC table of the first switch? It depends.

It is important to understand that the creation of the MAC address table in a switch is done via the Source MAC address found in the incoming frames on an interface. If the other switch is never the destination of a frame, then this MAC address will not be included in any MAC address table. MAC addresses of specific switch interfaces will not enter the MAC tables of other switches unless the switches themselves are the sources (or destinations) of frames.

I hope this has been helpful.

Laz

I’ve seen this command in many routers: no ip proxy-arp. So does this mean that the feature is disabled? The router will not reply with its MAC address and will discard this ARP?

Hello Carlo

Yes, that is correct. In most IOS versions, proxy ARP is enabled by default. This will disable it and will prevent the router from responding on behalf of another host.

I hope this has been helpful!

Laz


Hi Rene

Why does it not work when I replace H1, H2 and S1 with Windows 7 in GNS3?
Does Windows 7 not support Proxy ARP?
Could you please tell me?

Hello Apiwat

Proxy ARP is a feature of the R1 router in the topology. The changing of the S1 device to Windows 7 or any other operating system should not affect the result. Make sure that you have IP connectivity to the Windows device and that all other connectivity has been achieved, and let us know your results.

I hope this has been helpful!

Laz


Thanks Lazaros

I could resolve it. That didn’t work because of the guest OS on VMware.

Hi Rene

Let’s say you were a network implementer who will implement many routers for an enterprise or ISP.
Would you enable the Proxy ARP feature in a real scenario?
Whether the answer is yes or no, could you please explain and give an example?

Hello Apiwat

Proxy ARP should only be enabled if you want to enable some specific network features. It should be off at all times unless you want to configure one of the following:

  1. Joining a broadcast LAN with serial links such as dialup or VPN connections. Proxy ARP will allow such serial links to obtain IP addresses that are in the same subnet dynamically, even though the actual end users are not directly connected to that broadcast domain.
  2. Assigning multiple addresses dynamically to a server. Using Proxy ARP, IP addresses from multiple subnets can be dynamically assigned to a single NIC of a server.
  3. Using Mobile-IP, a standard used to allow mobile devices to move from one network to another while maintaining the same IP address, Proxy ARP enables what is called a Home Agent to receive messages on behalf of the mobile device, to which it forwards the messages received.

These are just some of the specialized services that take advantage of Proxy ARP. Again, it should only be enabled as needed, and not generally made available on networks.

I hope this has been helpful!

Laz
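Added example, not part of the original thread: since proxy ARP is on by default in most IOS versions and `no ip proxy-arp` is what turns it off per interface, a configuration audit can flag every active routed interface where that line is missing. The interface names and the sample running-config are constructed for illustration; only the 10.1.1.254 and 10.2.2.254 addresses and the command itself come from the thread.

```python
import re

# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 10.1.1.254 255.255.255.0
!
interface FastEthernet0/1
 ip address 10.2.2.254 255.255.255.0
 no ip proxy-arp
!
interface FastEthernet1/0
 no ip address
 shutdown
!
interface Serial0/0
 ip address 192.168.12.1 255.255.255.0
 shutdown
!
"""

def parse_interfaces(config):
    """Split a running-config into {interface name: [sub-command lines]}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        match = re.match(r"^interface\s+(\S+)", line)
        if match:
            current = match.group(1)
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def proxy_arp_enabled(config):
    """Return interfaces that are up, have an IP and lack 'no ip proxy-arp'."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        has_ip = any(re.match(r"ip address \d", cmd) for cmd in cmds)
        if has_ip and "shutdown" not in cmds and "no ip proxy-arp" not in cmds:
            findings.append(name)
    return findings

if __name__ == "__main__":
    for name in proxy_arp_enabled(SAMPLE_CONFIG):
        print(f"{name}: proxy ARP left at default (enabled); add 'no ip proxy-arp'")
```

The check relies on the default not being shown in the running-config, so an interface is treated as enabled whenever the explicit disable line is absent.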


Hi Lazaros and Rene

>> The network diagram in the figure 1
>> Main details:
- I have already configured the static routes at all routers.
- PC-01, PC-02, PC-03 and PC-04 run Windows 7 and are configured with an IP address and subnet mask only. (They don’t have default gateways.)
- All routers have Proxy ARP enabled on all interfaces. (enabled by default)
- All personal computers (PC-01, PC-02, PC-03 and PC-04) can ping within the same subnet only.

>> Problem and Question:
Why can’t the personal computers (PC-01, PC-02, PC-03 and PC-04) ping hosts in a different subnet even though all routers have Proxy ARP enabled?

>> Remark:
- The Cisco document says “Proxy ARP must be used on the network where IP hosts are not configured with a default gateway”, as shown in figure 2.

Hi Apiwat,

Proxy ARP will only work for subnets that are directly connected to your router. R1 is not going to reply to that ARP request from PC1 when it’s destined for some subnet that is behind another router.

There is no good reason to use proxy ARP; it’s a fix for a design issue that should be fixed in your network :)

Rene


Hi,

Does a router perform an ARP request on directly connected interfaces over Ethernet?
Are the steps below right?

When the frame comes to the router (from 10.1.1.1/24 to 10.1.1.254), it decapsulates the frame
and takes the IP packet.
It checks the destination IP in the IP packet and sees 10.2.2.100.
It checks 10.2.2.100 in its routing table and sees it’s directly connected, so it looks for the MAC of 10.2.2.100 in its ARP table.
If it does not know the destination MAC in the ARP table, then the router performs an ARP request?
When it learns the MAC of 10.2.2.100, it adds it to the ARP table, encapsulates the IP packet in a frame and then sends it to 10.2.2.100.

Is the path the same from 10.1.1.2/8 to 10.1.1.254?

Regards.

Hello Murat

Your description is correct. If the communication was initiated by 10.1.1.2 then the same procedure would be followed.

Now keep in mind that in the example you explained, the destination IP address was on a network segment that was directly connected to the router. If it wasn’t directly connected, then the router would find the IP of the next hop router, and the ARP request would not be for the destination address, but for the IP address of the next hop router. Remember that ARP will only find the MAC addresses corresponding to IP addresses that are in the same subnet as the requester.

I hope this has been helpful!

Laz

Hi Lagapides,

Could you give a basic example using IP addresses where the destination is not directly connected and the router finds the next hop router instead of the destination?

Regards.

Hello Murat

Assume you have the following network that has routing information correctly configured for all networks to communicate:
A device with an IP address of 1.1.1.5 is communicating with a device with an IP address of 3.3.3.5. Steps 4 and 5 are the steps that address your specific question.

  1. As the host encapsulates the data, it checks the destination IP and determines that it is not in the same subnet, therefore, it must be sent to the default gateway of 1.1.1.1 (Fa0/0 interface of R1).
  2. The host looks for the IP address of the default gateway (and not the destination IP address) in the ARP table. If it finds it, it populates the destination MAC address in the frame. If it doesn’t, it will send an ARP request to obtain it, populate the destination MAC address in the frame, and send the frame.
  3. R1 receives the frame and examines the destination MAC address to verify that the frame belongs to it. It de-encapsulates the packet and reads the destination IP address.
  4. Using the routing table, it determines where it should send it. Because the destination IP doesn’t belong to any of the directly connected networks, it must send it to another router. According to the routing table, the next hop IP is 192.168.12.2.
  5. R1 will look in its ARP table for this IP address (and not the destination IP address) and if it finds a MAC, it will populate the destination MAC address field. If it does not find it in the ARP table, it will send an ARP request to obtain the information and populate the destination MAC address field. The frame is then sent.
  6. R2 will receive the frame, de-encapsulate, read the destination IP address, determine it is not directly connected, will determine the next hop IP from the routing table, will use ARP to find the corresponding MAC address, and will send it along its way.
  7. Once R3 receives the frame, it will de-encapsulate it, read the destination IP address, determine that it is on a directly connected network, and use ARP to find the MAC address of the destination host and send the frame on its way.
  8. The destination host will read the destination MAC, see that it is indeed its own and will continue de-encapsulating to obtain the data required.

I hope this has been helpful!

Laz
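Added example, not part of the original post: a small simulation of the steps above that reports which IP address each device looks up in its ARP table (and ARPs for on a cache miss) along the path from 1.1.1.5 to 3.3.3.5. Only 1.1.1.5, 3.3.3.5, the gateway 1.1.1.1 and the next hop 192.168.12.2 come from the post; the /24 masks, the R2-R3 link 192.168.23.0/24 and the routing tables are assumptions.

```python
import ipaddress

# Constructed routing tables: prefix -> next hop (None = directly connected).
ROUTES = {
    "R1": {"1.1.1.0/24": None, "192.168.12.0/24": None, "3.3.3.0/24": "192.168.12.2"},
    "R2": {"192.168.12.0/24": None, "192.168.23.0/24": None, "3.3.3.0/24": "192.168.23.3"},
    "R3": {"192.168.23.0/24": None, "3.3.3.0/24": None},
}
# Which router owns each gateway / next-hop address (assumed addressing).
OWNER = {"1.1.1.1": "R1", "192.168.12.2": "R2", "192.168.23.3": "R3"}

def host_arp_target(host_if, gateway, dest):
    """Steps 1-2: ARP for the destination only if it is on-link, else the gateway."""
    on_link = ipaddress.ip_address(dest) in ipaddress.ip_interface(host_if).network
    return dest if on_link else gateway

def router_arp_target(router, dest):
    """Steps 4-5: longest-prefix match, then ARP for next hop or destination."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(prefix), next_hop)
               for prefix, next_hop in ROUTES[router].items()
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        raise LookupError(f"{router} has no route to {dest}")
    _, next_hop = max(matches, key=lambda m: m[0].prefixlen)
    return dest if next_hop is None else next_hop

def trace(host_if, gateway, dest):
    """Return [(device, IP it resolves with ARP)] for every hop to the destination."""
    target = host_arp_target(host_if, gateway, dest)
    hops = [("host", target)]
    while target != dest:
        router = OWNER[target]
        target = router_arp_target(router, dest)
        hops.append((router, target))
    return hops

if __name__ == "__main__":
    for device, target in trace("1.1.1.5/24", "1.1.1.1", "3.3.3.5"):
        print(f"{device:5} resolves the MAC of {target}")
```

The destination IP in the packet never changes; only the last router on the path resolves the MAC of 3.3.3.5 itself.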

hi
generate a “Wrong Cable” error.