On Wed, 2 Dec 2009, Jared Gillis wrote:
Hello, I'm running some 3750s that are providing IP aggregation for customers of mine. One of the customers reported that his gateway (the 3750) was responding to ARP for his local LAN addresses. Taking a look, I realized that I forgot to disable proxy-arp on that 3750. I disabled it via the global "ip proxy arp disable" command, but it doesn't seem to have worked; the customer still says he is seeing ARP responses from the gateway, but only on PCs that have just booted. Also, "show ip int xxx" reports that proxy-arp is still live on the interface: #show ip int vlan101 Vlan101 is up, line protocol is up Internet address is 70.36.146.1/24 Broadcast address is 255.255.255.255 Address determined by setup command MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is disabled Outgoing access list is not set Inbound access list is 100 Proxy ARP is enabled Local Proxy ARP is disabled
This might be the result of CSCsl75648, which does not reflect the global state of the proxy arp in the per-interface output.
I'd suggest to double-check with the sniffer trace how exactly the ARP traffic between the newly booted PCs and the gateway looks like, and see if you can correlate with anything with the config. Maybe there is more than one contributor to the overall issue - and disabling proxy-arp globally on the gateway solved only a part of it.
(Of course, checking if explicitly disabling proxy-arp on the interface would not hurt either - but even if it helps, the sniffer traces will very useful to find the root cause).
thanks, andrew _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/