How Cisco Switch Pings From The Management VLAN to Different Subnet Without 'ip default-gateway'? - Sarada Hettiarachchi

Friday, May 20, 2016

How Cisco Switch Pings From The Management VLAN to Different Subnet Without 'ip default-gateway'?

With the default configuration (without 'ip default-gateway'), if you ping from the SW01 VLAN IP to SW02 VLAN 02, will it be successful?

The answer is 'YES'! This works because the Proxy-ARP feature is enabled by default on current Cisco routers.

How Does Proxy-ARP Work?

When you try to 'ping' from SW1 ( to SW2 (, SW1 sends an ARP request for the destination. The ARP request packet is encapsulated in an Ethernet frame with the MAC address 000C.8543.E4C9 as the source address and the broadcast address (FFFF.FFFF.FFFF) as the destination address.

If the router receives an ARP request for a host/IP that is not on the same interface as the ARP request sender, and if all of the router's routes to that host go through other interfaces, then it generates a proxy ARP reply giving its own local data-link address (0001.64E7.A501) to represent the intended destination IP ( 

The host that sent the ARP request then sends its packets to the router, which forwards them to the intended host. This is called 'Proxy ARP', and it is enabled by default.

Disable Proxy-ARP (per interface):
Router(config-if)# no ip proxy-arp
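To make the decision rule above concrete, here is an added example (not code from the original post or from Cisco) that models what a router does when an ARP request arrives: answer with its own MAC only if the target is off the requester's segment, proxy ARP is still enabled on that interface, and a route to the target leaves through a different interface. The interface names, subnets and host addresses are constructed, since the post's own IPs are not preserved; the MAC is the one quoted in the post.

```python
import ipaddress
from dataclasses import dataclass

ROUTER_MAC = "0001.64E7.A501"  # the router data-link address quoted in the post


@dataclass
class Interface:
    addr: ipaddress.IPv4Interface  # e.g. 192.0.2.1/24 (constructed)
    proxy_arp: bool = True         # True = default; False = 'no ip proxy-arp'


@dataclass
class Router:
    interfaces: dict  # interface name -> Interface
    routes: dict      # IPv4Network -> egress interface name

    def route_for(self, ip):
        """Longest-prefix match; returns the egress interface name or None."""
        best = None
        for net, ifname in self.routes.items():
            if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, ifname)
        return best[1] if best else None

    def handle_arp_request(self, ingress, target_ip):
        """MAC the router puts in an ARP reply, or None if it stays silent."""
        target = ipaddress.IPv4Address(target_ip)
        iface = self.interfaces[ingress]
        if target == iface.addr.ip:
            return ROUTER_MAC            # ordinary ARP reply for its own address
        if target in iface.addr.network:
            return None                  # host is on the requester's own segment
        if not iface.proxy_arp:
            return None                  # 'no ip proxy-arp' on the ingress interface
        egress = self.route_for(target)
        if egress is None or egress == ingress:
            return None                  # no route, or route points back out the same segment
        return ROUTER_MAC                # proxy ARP reply: router's MAC for a remote IP


def build_demo_router():
    """Two VLAN interfaces plus their connected routes (all addresses constructed)."""
    v1 = Interface(ipaddress.IPv4Interface("192.0.2.1/24"))
    v2 = Interface(ipaddress.IPv4Interface("198.51.100.1/24"))
    return Router(
        interfaces={"Vlan1": v1, "Vlan2": v2},
        routes={v1.addr.network: "Vlan1", v2.addr.network: "Vlan2"},
    )


if __name__ == "__main__":
    r = build_demo_router()
    # SW1 on Vlan1 asks "who has 198.51.100.20?"; the router answers for it
    print(r.handle_arp_request("Vlan1", "198.51.100.20"))   # 0001.64E7.A501
    r.interfaces["Vlan1"].proxy_arp = False
    print(r.handle_arp_request("Vlan1", "198.51.100.20"))   # None
```

Flipping `proxy_arp` on the ingress interface reproduces the effect of 'no ip proxy-arp': the router goes silent and the requester, lacking a default gateway, can no longer reach the remote subnet.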

Advantages of Proxy ARP

  • The main advantage of proxy ARP is that it can be added to a single router on a network without disturbing the routing tables of the other routers on the network.
  • Proxy ARP is needed on networks where IP hosts are not configured with a default gateway or have no routing intelligence of their own.

Disadvantages of Proxy ARP

Hosts have no idea of the physical details of their network and assume it to be a flat network in which they can reach any destination simply by sending an ARP request. But using ARP for everything has disadvantages. These are some of them:
  • It increases the amount of ARP traffic on your segment.
  • Hosts need larger ARP tables in order to handle the IP-to-MAC address mappings.
  • Security can be undermined. A machine can claim to be another in order to intercept packets, an act called "spoofing."
  • It does not work for networks that do not use ARP for address resolution.
  • It does not generalize to all network topologies, for example when more than one router connects the same two physical networks.


Copyright © 2018 Sarada Hettiarachchi