Scenario on Proxy ARP

Rashmi Bhardwaj | Blog,Config & Troubleshoot,Security

Proxy ARP is enabled by default on routers, and it works against the usual rule that end hosts need a default gateway configured to reach other subnets.

Example Scenario: Proxy ARP

Let's take a lab scenario to get a clear understanding of how proxy ARP works. Three devices are connected in series: R1, R2 and R3.

We will configure routers R1 and R3 in different subnets, with no default gateway, as below:

R1#
!
no ip routing
!
interface FastEthernet0/0
 ip address 192.168.12.1 255.255.255.0

R2#
!
interface FastEthernet0/0
 ip address 192.168.12.2 255.255.255.0
!
interface FastEthernet0/1
 ip address 192.168.23.2 255.255.255.0

R3#
!
no ip routing
!
interface FastEthernet0/0
 ip address 192.168.23.3 255.255.255.0

Now let's ping R3 from R1 (which has no default gateway).

R1#ping 192.168.23.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.23.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/100/144 ms
R1#
R1#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.12.1            -   c200.1988.0000  ARPA   FastEthernet0/0
Internet  192.168.23.3           21   c201.1988.0000  ARPA   FastEthernet0/0

The ping succeeded: R1 was able to reach R3. However, the "show arp" command on R1 shows two entries, 192.168.12.1 and 192.168.23.3, and the entry for 192.168.23.3, an address in a different subnet, resolves to the MAC address c201.1988.0000 on R1's own FastEthernet0/0. This is suspicious, so we need to find out where that MAC address actually resides.

Below, we check the MAC address of R2's interface fa0/0, which is connected to R1.

R2#sh int fa0/0 | i bia
Hardware is Gt96k FE, address is c201.1988.0000 (bia c201.1988.0000)

Now we understand that R2 acts as a proxy for ARP requests that come from R1 and are destined for another subnet. R2 provides its own MAC address in the ARP reply, so R1 sends the packets to R2, which forwards them to R3, and vice versa.

Now let's see what happens when we disable proxy ARP on both interfaces of R2:

R2(config)#int fa0/0
R2(config-if)#no ip proxy-arp
R2(config-if)#int f0/1
R2(config-if)#no ip proxy-arp

After clearing the ARP cache on R1, the output is as below:

R1#clear arp
R1#ping 192.168.23.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.23.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R1#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.12.1            -   c200.1988.0000  ARPA   FastEthernet0/0
Internet  192.168.23.3            0   Incomplete      ARPA
R1#

As this test shows, after proxy ARP is disabled on R2, it stops answering ARP requests on behalf of other subnets on interfaces Fa0/0 and Fa0/1, to which R1 and R3 are connected. R1's ARP entry for 192.168.23.3 stays Incomplete and the ping fails.
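
The manual check done in this lab (an ARP entry for an address outside the interface's own subnet) can be automated when auditing for proxy ARP. The Python below is an added example, not part of the original article; the function names and the CONNECTED map are assumptions, and the sample rows are copied from the R1 outputs on this page.

```python
import ipaddress
import re

# Rows copied from the R1 "show arp" outputs on this page (before / after
# "no ip proxy-arp" on R2).
ARP_BEFORE = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.12.1            -   c200.1988.0000  ARPA   FastEthernet0/0
Internet  192.168.23.3           21   c201.1988.0000  ARPA   FastEthernet0/0
"""
ARP_AFTER = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.12.1            -   c200.1988.0000  ARPA   FastEthernet0/0
Internet  192.168.23.3            0   Incomplete      ARPA
"""

# Assumption: interface-to-subnet map built from R1's configuration above.
CONNECTED = {"FastEthernet0/0": ipaddress.ip_network("192.168.12.0/24")}

# Matches only resolved rows; "Incomplete" rows carry no MAC or interface.
ROW = re.compile(
    r"^Internet\s+(?P<ip>\S+)\s+\S+\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\S+\s+(?P<intf>\S+)$",
    re.IGNORECASE,
)

def parse_arp(text):
    """Return (ip, mac, interface) tuples for every resolved ARP row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append((ipaddress.ip_address(m["ip"]), m["mac"].lower(), m["intf"]))
    return rows

def off_subnet_entries(text, connected):
    """Return entries whose IP is outside the subnet of the interface that
    learned them, i.e. some other device answered ARP on the owner's behalf."""
    findings = []
    for ip, mac, intf in parse_arp(text):
        net = connected.get(intf)
        if net is not None and ip not in net:
            findings.append((str(ip), mac, intf))
    return findings

if __name__ == "__main__":
    for label, text in (("before", ARP_BEFORE), ("after", ARP_AFTER)):
        print(label, off_subnet_entries(text, CONNECTED))
```

The MAC in a finding can then be compared with the router's interface address, as done with "sh int fa0/0 | i bia" on R2 above.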
