Proxy ARP Explained

I’ve seen this command in many routers: no ip proxy-arp. So this means that the feature is disabled? The router will not reply with its MAC address and will discard this ARP?

Hello Carlo

Yes that is correct. In most IOS versions, proxy arp is enabled by default. This will disable it and will prevent the router from responding on behalf of another host.

I hope this has been helpful!

Laz

1 Like

Hi Rene

Why does it not work when I replace H1, H2 and S1 with Windows 7 in GNS3?
Does Windows 7 not support Proxy ARP?
Could you please tell me?

Hello Apiwat

Proxy ARP is a feature of the R1 router in the topology. The changing of the S1 device to Windows 7 or any other operating system should not affect the result. Make sure that you have IP connectivity to the Windows device and that all other connectivity has been achieved, and let us know your results.

I hope this has been helpful!

Laz

1 Like

Thanks Lazaros

I was able to resolve it. It didn’t work because of the guest OS on VMware.

Hi Rene

Let’s say you were a network implementer who will deploy many routers for an enterprise or ISP.
Would you enable the Proxy ARP feature in a real scenario?
Whether the answer is yes or no, could you please explain and give an example?

Hello Apiwat

Proxy ARP should only be enabled if you want to enable some specific network features. It should be off at all times unless you want to configure one of the following:

  1. Joining a broadcast LAN with serial links such as dialup or VPN connections. Proxy ARP will allow such serial links to obtain IP addresses that are in the same subnet dynamically, even though the actual end users are not directly connected to that broadcast domain.
  2. Assigning multiple addresses dynamically to a server. Using Proxy ARP, IP addresses from multiple subnets can be dynamically assigned to a single NIC of a server.
  3. Using Mobile-IP, a standard used to allow mobile devices to move from one network to another while maintaining the same IP address, Proxy ARP enables what is called a Home Agent to receive messages on behalf of the mobile device, to which it forwards the messages received.

These are just some of the specialized services that take advantage of Proxy ARP. Again, it should only be enabled as needed, and not generally made available on networks.

I hope this has been helpful!

Laz

1 Like

Hi Lazaros and Rene

>> The network diagram is in figure 1
>> Main details:
- I have already configured the static routes on all routers.
- PC-01, PC-02, PC-03 and PC-04 run Windows 7 and are configured with an IP address and subnet mask only. (They don’t have default gateways.)
- All routers have Proxy ARP enabled on all interfaces. (enabled by default)
- All personal computers (PC-01, PC-02, PC-03 and PC-04) can ping within the same subnet only.

>> Problem and Question:
Why can’t the personal computers (PC-01, PC-02, PC-03 and PC-04) ping hosts in a different subnet even though all routers have Proxy ARP enabled?

>> Remark:
- The Cisco document says “Proxy ARP must be used on the network where IP hosts are not configured with a default gateway”, as shown in figure 2.

[image: PRA2]

Hi Apiwat,

Proxy ARP will only work for subnets that are directly connected to your router. R1 is not going to reply to that ARP request from PC1 when it’s destined for some subnet that is behind another router.

There is no good reason to use proxy ARP, it’s a fix for a design issue that should be fixed in your network :)

Rene

1 Like

Hi,

Does a router perform an ARP request on directly connected interfaces over Ethernet?
Are the steps below right?

When the frame comes to the router (from 10.1.1.1/24 to 10.1.1.254), it decapsulates the frame and takes the IP packet.
It checks the destination IP in the IP packet and sees 10.2.2.100.
It checks 10.2.2.100 in its routing table and sees it’s directly connected, so it looks for the MAC of 10.2.2.100 in its ARP table.
If it does not know the destination MAC in the ARP table, then the router performs an ARP request?
When it learns the MAC of 10.2.2.100, it adds it to the ARP table, encapsulates the IP packet in a frame and sends it to 10.2.2.100.

Is the path the same from 10.1.1.2/8 to 10.1.1.254?

regards.

Hello Murat

Your description is correct. If the communication was initiated by 10.1.1.2 then the same procedure would be followed.

Now keep in mind that in the example you explained, the destination IP address was on a network segment that was directly connected to the router. If it wasn’t directly connected, then the router would find the IP of the next hop router, and the ARP request would not be for the destination address, but for the IP address of the next hop router. Remember that ARP will only find the MAC addresses corresponding to IP addresses that are in the same subnet as the requester.

I hope this has been helpful!

Laz

Hi Lagapides,

Could you give a basic example, using IP addresses, of a destination that is not directly connected, where the router finds the next hop router instead of the destination?

regards.

Hello Murat

Assume you have the following network that has routing information correctly configured for all networks to communicate:

[image: network diagram]

A device with an IP address of 1.1.1.5 is communicating with a device with an IP address of 3.3.3.5. Steps 4 and 5 are the steps that address your specific question.

  1. As the host encapsulates the data, it checks the destination IP and determines that it is not in the same subnet, therefore, it must be sent to the default gateway of 1.1.1.1 (Fa0/0 interface of R1).
  2. The host looks for the IP address of the default gateway (and not the destination IP address) in the ARP table. If it finds it, it populates the destination MAC address in the frame. If it doesn’t, it will send an ARP request to obtain it, populate the destination MAC address in the frame, and send the frame.
  3. R1 receives the frame, examines the destination MAC address to verify that the frame belongs to it. It de-encapsulates the packet, reads the destination IP address.
  4. Using the routing table, it determines where it should send it. Because the destination IP doesn’t belong to any of the directly connected networks, it must send it to another router. According to the routing table, the next hop IP is 192.168.12.2.
  5. R1 will look in its ARP table for this IP address (and not the destination IP address) and if it finds a MAC, it will populate the destination MAC address field. If it does not find it in the ARP table, it will send an ARP request to obtain the information and populate the destination MAC address field. The frame is then sent.
  6. R2 will receive the frame, de-encapsulate, read the destination IP address, determine it is not directly connected, will determine the next hop IP from the routing table, will use ARP to find the corresponding MAC address, and will send it along its way.
  7. Once R3 receives the frame, it will de-encapsulate it, read the destination IP address, determine that it is on a directly connected network, and use ARP to find the MAC address of the destination host and send the frame on its way.
  8. The destination host will read the destination MAC, see that it is indeed its own and will continue de-encapsulating to obtain the data required.

I hope this has been helpful!

Laz
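The next-hop lookup from steps 4 and 5 above, as an added example that is not part of the original post: each device does a longest-prefix match and ARPs either for the destination (directly connected) or for the next hop. The addresses 1.1.1.5, 1.1.1.1, 3.3.3.5 and 192.168.12.2 come from the post; the /24 masks, the R2-R3 link 192.168.23.0/24 and the other interface addresses are assumptions, since the diagram is not available.

```python
import ipaddress

# Per-router tables: (prefix, next hop, or None when directly connected).
# 192.168.12.2 as R1's next hop is from the post; masks and the
# 192.168.23.0/24 link between R2 and R3 are assumed for illustration.
ROUTES = {
    "R1": [("1.1.1.0/24", None), ("192.168.12.0/24", None),
           ("3.3.3.0/24", "192.168.12.2")],
    "R2": [("192.168.12.0/24", None), ("192.168.23.0/24", None),
           ("3.3.3.0/24", "192.168.23.3"), ("1.1.1.0/24", "192.168.12.1")],
    "R3": [("192.168.23.0/24", None), ("3.3.3.0/24", None),
           ("1.1.1.0/24", "192.168.23.2")],
}
# Which router owns each gateway / next-hop address used on the path.
OWNER = {"1.1.1.1": "R1", "192.168.12.2": "R2", "192.168.23.3": "R3"}

def arp_target(routes, dst):
    """Longest-prefix match; return the IP this device must ARP for."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    if best is None:
        raise LookupError(f"no route to {dst}")
    # Directly connected: ARP for the destination. Otherwise: the next hop.
    return str(dst) if best[1] is None else best[1]

def trace(host_if, gateway, dst):
    """Return [(device, IP it ARPs for)] along the path from host to dst."""
    host = ipaddress.ip_interface(host_if)
    if ipaddress.ip_address(dst) in host.network:
        return [("host", dst)]            # same subnet: ARP for dst itself
    hops = [("host", gateway)]            # off-subnet: ARP for the gateway
    device = OWNER[gateway]
    while True:
        target = arp_target(ROUTES[device], dst)
        hops.append((device, target))
        if target == dst:                 # directly connected: final hop
            return hops
        device = OWNER[target]

if __name__ == "__main__":
    for device, target in trace("1.1.1.5/24", "1.1.1.1", "3.3.3.5"):
        print(f"{device:4} sends ARP request for {target}")
```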

hi
generate a “Wrong Cable” error.

Hello Bahri

The “wrong cable” error that is associated with ARP is usually due to the fact that the source IP address of the ARP request is outside of the subnet range of the interface receiving it. The error message does sound counterintuitive; however, after a little bit of research, this seems to be the case. Can you share your configuration of the interface involved as well as the exact error message so that we can verify the problem and help you further?

I hope this has been helpful!

Laz

hi
thank you

*Sep  3 16:41:47.718: IP ARP req filtered src 10.255.5.227 5e00.0005.0000, dst 10.255.5.228 0000.0000.0000 wrong cable, interface GigabitEthernet0/1
*Sep  3 16:41:48.212: IP ARP req filtered src 10.255.5.227 5e00.0005.0000, dst 10.255.5.232 0000.0000.0000 wrong cable, interface GigabitEthernet0/1
*Sep  3 16:41:48.713: IP ARP req filtered src 10.255.5.227 5e00.0005.0000, dst 10.255.5.228 0000.0000.0000 wrong cable, interface GigabitEthernet0/1
*Sep  3 16:41:48.714: IP ARP req filtered src 10.255.5.227 5e00.0005.0000, dst 10.255.5.229 0000.0000.0000 wrong cable, interface GigabitEthernet0/1
*Sep  3 16:41:49.206: IP ARP req filtered src 10.255.5.227 5e00.0005.0000, dst 10.255.5.232 0000.0000.0000 wrong cable, interface GigabitEthernet0/1
*Sep  3 16:41:50.205: IP ARP req filtered src 10.255.5.227 5e00.0005.0000, dst 10.255.5.232 0000.0000.0000 wrong cable, interface GigabitEthernet0/1
*Sep  3 16:41:56.214: IP ARP req filtered src 10.255.5.227 5e00.0005.0000, dst 10.255.5.231 0000.0000.0000 wrong cable, interface GigabitEthernet0/1
*Sep  3 16:41:56.215: IP ARP req filtered src 10.255.5.227 5e00.0005.0000, dst 10.255.5.230 0000.0000.0000 wrong cable, interface GigabitEthernet0/1
*Sep  3 16:41:57.216: IP 

GigabitEthernet0/1 is up, line protocol is up 
  Hardware is iGbE, address is fa16.3ebb.43e0 (bia fa16.3ebb.43e0)
  Internet address is 10.1.1.254/24
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Auto Duplex, Auto Speed, link type is auto, media type is RJ45
  output flow-control is unsupported, input flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:06, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 1000 bits/sec, 2 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     2446 packets input, 154334 bytes, 0 no buffer
     Received 2554 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles 
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     160 packets output, 21429 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     52 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     1 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

Hello Bahri

The error message that is being generated here is telling you that you are getting ARP requests from a source that is outside of the subnet of the interface. Your interface IP address is 10.1.1.254/24 and the ARP requests are being sent from the 10.255.5.0/24 subnet. You seem to have a device physically on the same network as the GigabitEthernet0/1 interface that is configured on a different subnet and it is trying to communicate.

I hope this has been helpful!

Laz
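The check described above, as an added example that is not part of the original thread: it parses the "wrong cable" debug lines, compares each ARP source against the subnet of the receiving interface, and groups the off-subnet senders by IP and MAC so the misconfigured or unexpected device can be located. The log lines and the interface address 10.1.1.254/24 are copied from the thread; the function and variable names are made up for this example.

```python
import ipaddress
import re
from collections import defaultdict

# Interface address from the "show interface" output in the thread.
INTERFACE = ipaddress.ip_interface("10.1.1.254/24")

# Log lines copied from the thread, including the truncated last line.
LOG = """\
*Sep  3 16:41:47.718: IP ARP req filtered src 10.255.5.227 5e00.0005.0000, dst 10.255.5.228 0000.0000.0000 wrong cable, interface GigabitEthernet0/1
*Sep  3 16:41:48.212: IP ARP req filtered src 10.255.5.227 5e00.0005.0000, dst 10.255.5.232 0000.0000.0000 wrong cable, interface GigabitEthernet0/1
*Sep  3 16:41:56.214: IP ARP req filtered src 10.255.5.227 5e00.0005.0000, dst 10.255.5.231 0000.0000.0000 wrong cable, interface GigabitEthernet0/1
*Sep  3 16:41:57.216: IP 
"""

PATTERN = re.compile(
    r"IP ARP req filtered src (?P<src_ip>\S+) (?P<src_mac>[0-9a-f.]+), "
    r"dst (?P<dst_ip>\S+) \S+ wrong cable, interface (?P<ifname>\S+)"
)

def off_subnet_sources(log_text, interface):
    """Map (source IP, source MAC) -> sorted ARP targets, for senders whose
    IP lies outside the subnet of the receiving interface."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        m = PATTERN.search(line)
        if m is None:              # truncated or unrelated line: skip it
            continue
        src = ipaddress.ip_address(m["src_ip"])
        if src not in interface.network:
            findings[(str(src), m["src_mac"])].add(m["dst_ip"])
    return {key: sorted(targets) for key, targets in findings.items()}

if __name__ == "__main__":
    for (ip, mac), targets in off_subnet_sources(LOG, INTERFACE).items():
        print(f"{ip} ({mac}) is outside {INTERFACE.network}; "
              f"it ARPed for {', '.join(targets)}")
```

The source MAC in the result is the value to look up in the switch's MAC address table to find the port the off-subnet device is attached to.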

Hi Sir,

I am unable to understand this topic. Would you please elaborate in a lucid manner, as I am confused about deciding the subnet which you have mentioned.

Thanks & Regards
Shivam Chaudhary

Team,
Please revert on this.

Rgds
Shivam

Hello Shivam

Take a look at the following diagram:


The blue circle shows the 10.2.2.0/24 subnet while the red circle shows the 10.1.1.0/24 subnet. If H1 sends an ARP request for 10.2.2.100, it will be received by H2 and R1 (green arrow) because they are in the same subnet.

If R1 is configured with proxy ARP, R1 will look at the IP address in the ARP request, specifically 10.2.2.100, it will look this address up in the routing table, and it will send the request out of the interface indicated there. In this case, the 10.2.2.0/24 subnet is directly connected to interface Fa0/3 so the ARP request is forwarded there as shown with the purple arrow. S1 sees this request and responds to the sender, which is R1, again with the purple arrow.

When R1 receives this request, it relays it back to H1 (green arrow) with its own MAC address in the response.

So H1 places the MAC address of R1 in the ARP table for the 10.2.2.100 address. Any arriving packets with a destination address of 10.2.2.100 and a destination MAC address of R1 will be forwarded by R1 to the appropriate host, S1.

I hope this has been helpful! Stay healthy and safe!

Laz