«

Hello all,

During a static routing practice lab, a student defined his workstation's
Default Gateway to the router's Serial Interface and
not to the usual Ethernet Interface.

His workstation was physically connected to the R3 LAN and was logically
part of network 129.16.0.0

R1---------R2---------R3
|
LAN

The link between R3 and R2 was configured using network 1.0.0.0

Instead of defining his workstation's Default Gateway to 129.16.0.1 (R3's
FA0/0), he used 1.255.255.254 (R3's S0/0) and
everything worked correctly. Is this because of his station's ARP
request? The request surely reached FA0/0 because
directly connected and seems to have been switched by the router to the
Serial Port but I would have imagined that the
Gateway had to be defined as a member of the same logical network.

Many thanks

On 26.11.2005 11:57 J. Lanza wrote

> Hello all,
>
> During a static routing practice lab, a student defined his workstation's
> Default Gateway to the router's Serial Interface and
> not to the usual Ethernet Interface.
>
> His workstation was physically connected to the R3 LAN and was logically
> part of network 129.16.0.0
>
> R1---------R2---------R3
> |
> LAN
>
> The link between R3 and R2 was configured using network 1.0.0.0
>
> Instead of defining his workstation's Default Gateway to 129.16.0.1 (R3's
> FA0/0), he used 1.255.255.254 (R3's S0/0) and
> everything worked correctly. Is this because of his station's ARP
> request? The request surely reached FA0/0 because
> directly connected and seems to have been switched by the router to the
> Serial Port but I would have imagined that the
> Gateway had to be defined as a member of the same logical network.
>

Usually this will not work. I guess that R3 had Proxy ARP configured.




Arnold
--
Arnold Nipper, AN45

Your R3 router has "Proxy ARP" enabled. What it does - your router answers
on behalf of another interface or host on another segment. It responds to
the ARP requestor with it's own MAC address, so, your workstation, when it
tries to communicate to 1.255.255.254 address sends actual frame to the R3
router. In most cases this feature is disabled because of security
considerations.

Good luck,

Mike
www.ciscoheadsetadapter.com

"J. Lanza" <> wrote in message
news:jcXhf.29142$.. .
> Hello all,
>
> During a static routing practice lab, a student defined his workstation's
> Default Gateway to the router's Serial Interface and
> not to the usual Ethernet Interface.
>
> His workstation was physically connected to the R3 LAN and was logically
> part of network 129.16.0.0
>
> R1---------R2---------R3
> |
> LAN
>
> The link between R3 and R2 was configured using network 1.0.0.0
>
> Instead of defining his workstation's Default Gateway to 129.16.0.1 (R3's
> FA0/0), he used 1.255.255.254 (R3's S0/0) and
> everything worked correctly. Is this because of his station's ARP
> request? The request surely reached FA0/0 because
> directly connected and seems to have been switched by the router to the
> Serial Port but I would have imagined that the
> Gateway had to be defined as a member of the same logical network.
>
> Many thanks
>

CiscoHeadsetAdapter.com wrote:

> [snip: proxy-arp] In most cases this feature is
> disabled because of security considerations.

But every Cisco router has it on by default.

--

hsb


"Somehow I imagined this experience would be more rewarding" Calvin
**************************ROT13 MY ADDRESS*************************
Due to the volume of email that I receive, I may not not be able to
reply to emails sent to my account. Please post a followup instead.
************************************************** ******************

In article <wBaif.35416$>, says...
>
>
>CiscoHeadsetAdapter.com wrote:
>
>> [snip: proxy-arp] In most cases this feature is
>> disabled because of security considerations.
>
>But every Cisco router has it on by default.
>
>--
>
>hsb
>
>
>"Somehow I imagined this experience would be more rewarding" Calvin
>**************************ROT13 MY ADDRESS*************************
>Due to the volume of email that I receive, I may not not be able to
>reply to emails sent to my account. Please post a followup instead.
>************************************************* *******************


Many thanks to all who have answered. Regarding Proxy-Arp, if I
disable this "On by default" feature on all Cisco routers
shown below, what is the immediate consequence?

R_1------------R_2------------R_3
| | |
LAN1 LAN2 LAN3


When a Host on LAN1 sends a packet to a Host on LAN3 with
"no ip proxy-arp" issued on all routers, the Host LAN1 ARP request
will, as always, not be broadcast by R_1 and in this case, R_1
will also not proxy the request for the Host.

Realizing that the Host would usually receive R_1's MAC Address,
what MAC Address will the Host now receive in order to communicate
with Lan3?

Many thanks for your precious help!!

The consequence is simple... misconfigured PCs and devices will not be
able to leave the network. It really is a good thing and Cisco
should not have it on by default. This is a good feature for a
home/SoHo device but for enterprise work it merely hides and disguises
errors so they can show other spurious symptoms. For instance WinXP
PCs will complain about DUPLICATE IP addresses randomly when a
misconfigured PC joins you LAN and utilizes ProxyArp to get around.
Techs chased this "duplicate" but no one had any idea that proxy-arp
was causing it. I have started to campaign for it to be turned off
here, but it will have to be coordinated with desktop support because
when it goes off, misconfigured desktops will stop working.



"J. Lanza" <> wrote:

>In article <wBaif.35416$>, says...
>>
>>
>>CiscoHeadsetAdapter.com wrote:
>>
>>> [snip: proxy-arp] In most cases this feature is
>>> disabled because of security considerations.
>>
>>But every Cisco router has it on by default.
>>
>>--
>>
>>hsb
>>
>>
>>"Somehow I imagined this experience would be more rewarding" Calvin
>>**************************ROT13 MY ADDRESS*************************
>>Due to the volume of email that I receive, I may not not be able to
>>reply to emails sent to my account. Please post a followup instead.
>>************************************************ ********************
>
>
>Many thanks to all who have answered. Regarding Proxy-Arp, if I
>disable this "On by default" feature on all Cisco routers
>shown below, what is the immediate consequence?
>
>R_1------------R_2------------R_3
> | | |
>LAN1 LAN2 LAN3
>
>
>When a Host on LAN1 sends a packet to a Host on LAN3 with
>"no ip proxy-arp" issued on all routers, the Host LAN1 ARP request
>will, as always, not be broadcast by R_1 and in this case, R_1
>will also not proxy the request for the Host.
>
>Realizing that the Host would usually receive R_1's MAC Address,
>what MAC Address will the Host now receive in order to communicate
>with Lan3?
>
>Many thanks for your precious help!!

DiGiTAL_ViNYL (no email)

J. Lanza wrote:
> Many thanks to all who have answered. Regarding Proxy-Arp, if I
> disable this "On by default" feature on all Cisco routers
> shown below, what is the immediate consequence?
>
> R_1------------R_2------------R_3
> | | |
> LAN1 LAN2 LAN3
>
>
> When a Host on LAN1 sends a packet to a Host on LAN3 with
> "no ip proxy-arp" issued on all routers,


It's not required on all routers. R3's LAN3 interface is the only one
that will need it (to break it). Or R1's LAN1 interface.


> the Host LAN1 ARP request
> will, as always, not be broadcast by R_1 and in this case, R_1
> will also not proxy the request for the Host.
> Realizing that the Host would usually receive R_1's MAC Address,
> what MAC Address will the Host now receive in order to communicate
> with Lan3?

It won't receive any replies. As a result, it will not be able to talk
to anyone outside of it's subnet.


--

hsb


"Somehow I imagined this experience would be more rewarding" Calvin
**************************ROT13 MY ADDRESS*************************
Due to the volume of email that I receive, I may not not be able to
reply to emails sent to my account. Please post a followup instead.
************************************************** ******************