Proxy ARP Explained

(Carlo Emmanuel V) #21

I’ve seen this command in many routers no ip proxy-arp. So this mean that the feature is disable? The router will not reply with its MAC address and discard this ARP?

(Lazaros Agapides) #22

Hello Carlo

Yes that is correct. In most IOS versions, proxy arp is enabled by default. This will disable it and will prevent the router from responding on behalf of another host.

I hope this has been helpful!

Laz

1 Like
(Apiwat T) #23

Hi Rene

Why I replace Windows 7 in GNS3 as H1, H2 and S1 that do not work?
Does Windows 7 not support Proxy ARP?
Could you please tell me.

(Lazaros Agapides) #24

Hello Apiwat

Proxy ARP is a feature of the R1 router in the topology. The changing of the S1 device to Windows 7 or any other operating system should not affect the result. Make sure that you have IP connectivity to the Windows device and that all other connectivity has been achieved, and let us know your results.

I hope this has been helpful!

Laz

1 Like
(Apiwat T) #25

Thanks Lazaros

I could resolve it. That didn’t work because of Guest OS on VMware.

(Apiwat T) #26

Hi Rene

Let’s say you were a network implementer who will implement many routers for enterprise or ISP.
Will you enable Proxy ARP feature for a real scenario?
If the answer is yes or no, could you please explain and give an example.

(Lazaros Agapides) #27

Hello Apiwat

Proxy ARP should only be enabled if you want to enable some specific network features. It should be off at all times unless you want to configure one of the following:

  1. Joining a broadcast LAN with serial links such as dialup or VPN connections. Proxy ARP will allow such serial links to obtain IP addresses that are in the same subnet dynamically, even though the actual end users are not directly connected to that broadcast domain.
  2. Assigning multiple addresses dynamically to a server. Using Proxy ARP, IP addresses from multiple subnets can be dynamically assigned to a single NIC of a server.
  3. Using Mobile-IP, a standard used to allow mobile devices to move from one network to another while maintaining the same IP address, Proxy ARP enables what is called a Home Agent to receive messages on behalf of the mobile device, to which it forwards the messages received.

These are just some of the specialized services that take advantage of Proxy ARP. Again, it should only be enabled as needed, and not generally made available on networks.

I hope this has been helpful!

Laz

1 Like
(Apiwat T) #28

Hi Lazaros and Rene

>> The network diagram in the figure 1
>> Main details:
- I have already configured the static routes at all routers.
- The PC-01, PC-02, PC-03 and PC-04 run Windows7 OS and configure IP address, Subnet mask only. (That don’t have the IP default gateways.)
- All routers enable Proxy ARP of all interfaces. (enabled by default)
- All personal computers (the PC-01, PC-02, PC-03 and PC-04) can ping in the same subnet only.

>> Problem and Question:
Why cannot all personal computers (the PC-01, PC-02, PC-03 and PC-04) ping in the different subnet even though all routers enable Proxy ARP?

>> Remark:
- The Cisco document tell “Proxy ARP must be used on the network where IP hosts are not configured with a default gateway” by following in the figure 2.

PRA2

(Rene Molenaar) #29

Hi Apiwat,

Proxy ARP will only work for subnets that are directly connected to your router. R1 is not going to reply to that ARP request from PC1 when it’s destined for some subnet that is behind another router.

There is no good reason to use proxy ARP, it’s a fix for a design issue that should be fixed in your network :slight_smile:

Rene

1 Like