VLANs routed with C3560 and Proxy ARP

Discussion in 'Cisco' started by Morph, Aug 10, 2008.

  1. Morph

    Morph Guest

    We have several offices and use a provider to route betwean the private
    networks.
    At one of the offices we have the network 192.168.2.0/24 that is routed
    and accessible from the other offices.

    Now we want to use VLANS in that office. We are planing to use
    C2960G-48TC-L as access switch and have a C3560G-24TS-S to route between
    the VLANs.

    The address of the provider router is 192.168.2.254.

    We are planing to create several VLANs:
    192.168.2.1-62 /255.255.255.192
    192.168.2.65-94 /255.255.255.224
    etc...

    The routed port of the catalyst 3560 connected to the router will have
    the address 192.168.2.253 and the C3560 and C2960 will be connected
    through a trunk.

    All the VLANs will use their own default gateways set on the Catalyst
    3560.

    So the diagram will be:

    ROUTER---C3560---C2960---VLANS

    When the router will try to connect to any of the addresses in the VLANs
    it will do so in a way that C3560 will answer through proxy ARP.

    Will this work or are we missing something?
    Morph, Aug 10, 2008
    #1
    1. Advertising

  2. Morph

    Morph Guest

    In the message <48a1df2a$0$5246$>
    Martin Bilgrav wrote:

    | "Morph" <> wrote in message
    | news:...
    | > We have several offices and use a provider to route betwean the private
    | > networks.
    | > At one of the offices we have the network 192.168.2.0/24 that is routed
    | > and accessible from the other offices.
    | >
    | > Now we want to use VLANS in that office. We are planing to use
    | > C2960G-48TC-L as access switch and have a C3560G-24TS-S to route between
    | > the VLANs.
    | >
    | > The address of the provider router is 192.168.2.254.
    | >
    | > We are planing to create several VLANs:
    | > 192.168.2.1-62 /255.255.255.192
    | > 192.168.2.65-94 /255.255.255.224
    | > etc...
    | >
    | > The routed port of the catalyst 3560 connected to the router will have
    | > the address 192.168.2.253 and the C3560 and C2960 will be connected
    | > through a trunk.
    | >
    | > All the VLANs will use their own default gateways set on the Catalyst
    | > 3560.
    | >
    | > So the diagram will be:
    | >
    | > ROUTER---C3560---C2960---VLANS
    | >
    | > When the router will try to connect to any of the addresses in the VLANs
    | > it will do so in a way that C3560 will answer through proxy ARP.
    | >
    | > Will this work or are we missing something?
    |
    |
    | you can do VLAN routing in two setups:
    | 1. SVI
    | 2. Routed interface with sub-interface.

    I used SVI.

    | to answer your Q:
    | > When the router will try to connect to any of the addresses in the VLANs
    | > it will do so in a way that C3560 will answer through proxy ARP.
    | The router do not want to connect, more likely it wants to forward some
    | packets to the VLANs.

    Yes :) I'm not native english speaker so the wording i used wasn't
    appropriate.

    | when the router forwards packets, it looks up its own routetable and forward
    | accordingly.
    | so the router will most likely only have the C3560 in its ARP table, as it
    | will forward packets to the c3560, inorder to reach the VLANs.
    |
    | Hope this answers your Q.
    | btw - you should disable Proxy ARP anyhow.

    The router has an address 192.168.2.254/24 so it thinks that all the
    hosts are in the same subnet as the router. I segmented 192.168.2.0/24
    into several segments with a SVI as default gateway for every VLAN (like
    192.168.2.0/26, 192.168.2.64/26, 192.168.2.128/27 etc.).
    The port of the 3560 connected with the router is 192.168.2.253/30.

    If I disable Proxy ARP then the router won't be able to send packets to
    all the hosts since they are all in different subnets. With Proxy ARP
    enabled the 3560 will forward the packets to the hosts.

    Regards.
    Morph, Aug 12, 2008
    #2
    1. Advertising

  3. Morph

    Merv Guest

    Any particular reason the provider is not providing you with a dynamic
    routing protocol so that you can address subnets at any of your sites
    the way you want without having to use kludges like proxy-ARP?

    What is the backbone transport technology used by your provider ?
    Merv, Aug 13, 2008
    #3
  4. Morph

    Morph Guest

    In the message
    <> Merv
    wrote:

    | Any particular reason the provider is not providing you with a dynamic
    | routing protocol so that you can address subnets at any of your sites
    | the way you want without having to use kludges like proxy-ARP?
    | What is the backbone transport technology used by your provider ?

    It's MPLS.
    Morph, Aug 13, 2008
    #4
  5. Morph

    Merv Guest

    > | Any particular reason the provider is not providing you with a dynamic
    > | routing protocol so that you can address subnets at any of your sites
    > | the way you want without having to use kludges like proxy-ARP?
    > | What is the backbone transport technology used by your provider ?



    > It's MPLS.



    And you have PE-CE routing protocol of static due to - cost or some
    other factor ?
    Merv, Aug 13, 2008
    #5
  6. Morph

    Morph Guest

    In the message
    <> Merv
    wrote:

    | > | Any particular reason the provider is not providing you with a dynamic
    | > | routing protocol so that you can address subnets at any of your sites
    | > | the way you want without having to use kludges like proxy-ARP?
    | > | What is the backbone transport technology used by your provider ?
    |
    |
    | > It's MPLS.
    |
    |
    | And you have PE-CE routing protocol of static due to - cost or some
    | other factor ?

    I don't know the reason. It was allready set up and I'm just trying to
    implement the VLAN's without too much change.
    I configured the switches and everything seems to be working fine (with
    proxy arp).
    What are the drawbacks of this configuration? Will this be too much
    processor load for the 3560 (because od proxy arp) or something else?
    Morph, Aug 13, 2008
    #6
  7. Morph

    Merv Guest

    On Aug 13, 7:49 am, Morph <> wrote:
    > In the message
    > <> Merv
    > wrote:
    >
    > | > | Any particular reason the provider is not providing you with a dynamic
    > | > | routing protocol so that you can address subnets at any of your sites
    > | > | the way you want without having to use kludges like proxy-ARP?
    > | > | What is the backbone transport technology used by your provider ?
    > |
    > |
    > | > It's MPLS.
    > |
    > |
    > | And you have PE-CE routing protocol of static due to - cost or some
    > | other factor ?
    >
    > I don't know the reason. It was allready set up and I'm just trying to
    > implement the VLAN's without too much change.
    > I configured the switches and everything seems to be working fine (with
    > proxy arp).
    > What are the drawbacks of this configuration? Will this be too much
    > processor load for the 3560 (because od proxy arp) or something else?



    As an interim measure what you have done is fine.

    I would encourage you to speak to your provider to see why you have
    static PE-CE routing and if dynamic routing is avialbel ( at what
    cost) , etc, etc. At a minimum you will learn more about what is
    available.

    The advance of dynamic PE_CE is that you will be able to restructure
    your LAN sub-netting at each site without having to use proxy-ARP.


    In general, the use of proxy ARP is not encouraged.

    see http://www.cisco.com/en/US/tech/tk6...tech_note09186a0080094adb.shtml#disadvantages
    Merv, Aug 13, 2008
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. YIgal K.

    PIX and proxy-arp

    YIgal K., Dec 9, 2003, in forum: Cisco
    Replies:
    3
    Views:
    5,313
    Rik Bain
    Dec 10, 2003
  2. amfony
    Replies:
    6
    Views:
    8,479
    Walter Roberson
    May 2, 2006
  3. Darren Green

    Arp or Proxy Arp

    Darren Green, Feb 20, 2009, in forum: Cisco
    Replies:
    0
    Views:
    538
    Darren Green
    Feb 20, 2009
  4. Thrill5
    Replies:
    2
    Views:
    2,085
    Thrill5
    Apr 20, 2009
  5. bod43
    Replies:
    0
    Views:
    616
    bod43
    Apr 23, 2009
Loading...

Share This Page