by Chris Pratt

CCIE RS Lab – Proxy ARP

Proxy ARP is one of those things that may make you think a route is working but will have a problem when you double check after it’s disabled. If you create a static route using an interface instead of an address, the router has to ARP out that interface for the neighboring address. If proxy arp is enabled on the recieving router is can “pretend” to know how to get to the destination.

How can this hurt you? If you test connectivity before disabling proxy arp you’ll have an entry in the arp table for the destination. After you disable proxy arp on the neighboring router, your originating router will still have that arp entry and you may think you still have connectivity until that arp entry times out (after 5 minutes).

How do you fix this? Static ARP entry on the router using a static route pointing out an interface for the destination you are trying to reach

Example

Originating router:
ip route 5.5.5.5 255.255.255.255 gi0/1.5 
arp 5.5.5.5 5555.5555.5555 arpa

Neighboring Router
int gi0/1
mac-address 5555.5555.5555

int gi0/1.5
no ip proxy-arp

int lo5
ip add 5.5.5.5 255.255.255.255

For good practice in the lab, statically configure the mac address on the interfaces just incase the router reloads since most of the time it’s in a virtualized environment now

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.