But say it could magically use proxy arp for nodes not on its subnet (say
you had software that was sniffing the line and would add that subnet).  To
answer Priscilla's question: They've got to do (P)NAT for all those
addresses anyway, since even if it was a public or private address, it
wouldn't get routed back to the hotel.

Of course, if the software could add any network it saw in use internally,
Priscilla couldn't get to her public subnet (since it would have added that
network to its inside interface).  You could even purposely/accidentally
"blackhole" sites by doing this, which is all the more reason it's not
likely.

No doubt hotels are just using DHCP, or maybe even giving out statics to
track who is on what.  For LA Networkers I'm staying at a Marriott with
in-room CAIS internet access, so I'll be able to tell one way or another.
You'd better believe I'll bring my new Sniffer as well and I'll be hacking
the thing.  No doubt they use some sort of vlan setup (default vlan gets you
dhcp and net access just to the hotel pay website, once you pay up you get
moved to the vlan with real access).

Oh, and I'm going to bring a Cache Engine and Aironet 340 access point, so
anyone nearby can have free internet access on me (costs me like $10/night,
but the company is paying for it).  As the hotel is already completely
booked and it was reserved by Cisco, I'm guessing there may be a fair amount
of folks with 802.11 NICs.

$(%$%(#$ my router just crashed again, hehee.  Silly me, I should just stop
trying to do an Offline Sync with IE with this CE507 proxying for me:

falcon#sh mem
                Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor   80FA04D8     7732008     7138812      593196      305376      358784
      I/O    1700000     1048644      694056      354588      354588      354012

falcon#
May 25 19:26:13.573 PDT: %SYS-2-MALLOCFAIL: Memory allocation of 152 bytes failed from 0x800FA964, pool Processor, alignment 0
-Process= "IP Input", ipl= 4, pid= 29
-Traceback= 800F83B8 800FA0B0 800FA968 8085CFFC 8085D784 80858034 808575A4 80856B3C 802350FC 80233738 80233938 80233A94 8011A09Csh mem
                Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor   80FA04D8     7732008     7676276       55732       10832       32728
      I/O    1700000     1048644      694056      354588      354588      354012



--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Chuck Larrieu" wrote in message news:[EMAIL PROTECTED]...
> Forgive the silly questions, but 1) was proxy arp enabled on the router and
> 2) was there a route to the 10dot network, or a default route in the routing
> table of the router in question?
>
> From RFC 1027:
>
> To permit multiple subnets per physical network, an ARP subnet gateway must
> use the physical network interface, not the subnet number to determine when
> to reply to an ARP request. That is, it should send a proxy ARP reply only
> when the source network interface differs from the target network interface.
> In addition, appropriate routing table entries for these "phantom" subnets
> must be added to the subnet gateway routing tables.
>
> OK. I get it. The router still needs to be on the same subnet as the host
> making the request. The RFC refers to multiple subnets of the same major
> network. In the case you, PO, mention, the router interface would have to
> have secondary addressing to cover all possibilities. Score one for the
> designer! Good call.
>
> Chuck
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> Priscilla Oppenheimer
> Sent: Friday, May 25, 2001 3:24 PM
> To: [EMAIL PROTECTED]
> Subject: RE: ARP versus Proxy-arp [7:5664]
>
> At 05:05 PM 5/25/01, Bob Vance wrote:
>
> >Once the Proxy ARP answers the client's request for his
> >DG on net 10, then all the other packets will be to "real" Internet
> >addresses.
>
> OK, I hear you on the routing questions, but it turns out the router does
> NOT respond to the ARP for the DG. I decided to try it. It doesn't work for
> a different reason than expected.
>
> I left my PC configured as I use it on a real network and plugged it into
> my lab network, which uses a different addressing scheme. I was emulating a
> traveller connecting to the hotel network without reconfiguring the TCP/IP
> control panel.
>
> I had debug arp on and here was the result:
>
> IP ARP req filtered src 10.0.0.2 0000.0ed5.c7e7, dst 10.0.0.1 0000.0000.0000 wrong cable
>
> The router won't respond to an ARP from a station that isn't on its subnet.
> Remember that an ARP packet has the sender's IP address in it. I was
> running 11.0 because my lab network is old so your results may vary.
>
> I think the hotel network is on fantasy island. ;-)
>
> Priscilla
>
>
>
> >-------------------------------------------------
> >Tks        |
> >BV         |
> >Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
> >Vox 770-623-3430           11455 Lakefield Dr.
> >Fax 770-623-3429           Duluth, GA 30097-1511
> >=================================================
> >
> >
> >
> >
> >
> >-----Original Message-----
> >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> >Priscilla Oppenheimer
> >Sent: Friday, May 25, 2001 3:04 PM
> >To: [EMAIL PROTECTED]
> >Subject: RE: ARP versus Proxy-arp [7:5664]
> >
> >
> >If a router running Proxy ARP didn't have a "route of last resort" or
> >"default route" would it still respond to an ARP for some random non-local
> >network? It would cause problems if it responded to the ARP when it
> >couldn't really route packets to the destination. I suppose it usually
> >works because this router or the DG as you mention below has a default
> >route to the rest of the world.
> >
> >And how about network 10.0.0.0? The hotel router in the scenario wouldn't
> >respond to a customer's ARP for a DG of 10.0.0.1 unless the hotel network
> >was configured with a 10.0.0.0 network, would it? Or maybe the default
> >route would cover this too, but maybe not since it's a private address.
> >
> >I realize I'm being brain damaged about the whole topic, but I think the
> >issues are more subtle than people realize.
> >
> >Priscilla
> >
> >At 09:14 PM 5/24/01, Bob Vance wrote:
> > > >Why would it think it can get to 10.0.0.0 (that one's a little
> > > >easier) or 138.1.0.0 (unlikely) when the client computer ARPs for its
> > > >default gateway?
> > >
> > >Well, now.
> > >Does a DG of its own count as "knowing how to get there"?>)
> > >
> > >
> > >-------------------------------------------------
> > >Tks        |
> > >BV         |
> > >Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
> > >Vox 770-623-3430           11455 Lakefield Dr.
> > >Fax 770-623-3429           Duluth, GA 30097-1511
> > >=================================================
> > >
> > >
> > >
> > >
> > >
> > >-----Original Message-----
> > >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > >Priscilla Oppenheimer
> > >Sent: Thursday, May 24, 2001 6:24 PM
> > >To: [EMAIL PROTECTED]
> > >Subject: RE: ARP versus Proxy-arp [7:5664]
> > >
> > >
> > >You missed the point. I know what Proxy ARP is.
> > >
> > >I assume the goal is that the traveller doesn't need to do any
> > >reconfiguration and can leave the default gateway set to the home office
> > >setting of 10.0.0.32, or 138.1.80.193 in my second example. A router
> > >doesn't just blindly respond to ARPs. It only responds if it thinks it can
> > >get there. Why would it think it can get to 10.0.0.0 (that one's a little
> > >easier) or 138.1.0.0 (unlikely) when the client computer ARPs for its
> > >default gateway?
> > >
> > >The design of the hotel network must be quite interesting. I was hoping the
> > >original poster had more details.
> > >
> > >Priscilla
> > >
> > >At 12:35 PM 5/24/01, Cornell Manea wrote:
> > > >Proxy-arp is used to find a router and get by on a
> > > >segment when you don't know the IP address of the
> > > >default gateway...
> > > >
> > > >
> > > >--- Priscilla Oppenheimer  wrote:
> > > > > Hmm... That's interesting. I'm trying to figure it
> > > > > out. Say, on my office
> > > > > network, my default gateway is something like
> > > > > 10.0.0.32 because we're using
> > > > > private addresses and NAT. When I travel, would the
> > > > > router in the hotel
> > > > > respond to my ARP for 10.0.0.32?? Would the router
> > > > > think that it can reach
> > > > > network 10.0.0.0?
> > > > >
> > > > > And, let's say that I don't use private addresses on
> > > > > my office network
> > > > > (which I don't). Let's say the default gateway is
> > > > > 138.1.80.193. Would the
> > > > > hotel router respond to my ARP for 138.1.80.193?
> > > > > Would the router think
> > > > > that it can reach network 138.1.0.0?
> > > > >
> > > > > I would hate to be the desk clerk responding to
> > > > > questions about this! ;-)
> > > > >
> > > > > Priscilla
> > > > >
> > > > > At 10:56 AM 5/24/01, [EMAIL PROTECTED] wrote:
> > > > > >Proxy-Arp Lives!
> > > > > >
> > > > > >I have to add that as I understand it proxy arp and nat are how hotels offer
> > > > > >internet connectivity.  Take a laptop with any ip address configured plug it
> > > > > >in and it will arp for its default gateway.  The router with proxy arp will
> > > > > >answer as the default gateway's mac address.  Then using a wide scope for nat
> > > > > >(the scope would be the entire ip address range) the hotel can provide
> > > > > >internet connectivity to a client with any configured ip address and
> > > > > >gateway.
> > > > > >
> > > > > >Dean Whitley
> > > > > >
> > > > > >-----Original Message-----
> > > > > >From: Hire, Ejay [mailto:[EMAIL PROTECTED]]
> > > > > >Sent: Thursday, May 24, 2001 10:32 AM
> > > > > >To: [EMAIL PROTECTED]
> > > > > >Subject: RE: ARP versus Proxy-arp [7:5664]
> > > > > >
> > > > > >
> > > > > >Proxy arp isn't dead, it is still in use very frequently on dial-up links.
> > > > > >If you get a chance, dial-up to earthlink and run winipcfg.  You'll see that
> > > > > >your default gateway is actually set to yourself.  There is a reasonable
> > > > > >explanation of this behavior in the Sybex CCNP switch 2.0 chapter on
> > > > > >redundancy.
> > > > > >
> > > > > >-EH
> > > > > >
> > > > > >-----Original Message-----
> > > > > >From: Chuck Larrieu [mailto:[EMAIL PROTECTED]]
> > > > > >Sent: Wednesday, May 23, 2001 10:37 PM
> > > > > >To: [EMAIL PROTECTED]
> > > > > >Subject: ARP versus Proxy-arp [7:5664]
> > > > > >
> > > > > >
> > > > > >At the risk of becoming another Bob Vance......
> > > > > >
> > > > > >I'm reading Doug Comer's TCP/IP reference, on the assumption that it can't
> > > > > >hurt to really get into how TCP/IP works.
> > > > > >
> > > > > >Proxy-arp versus normal  arp.
> > > > > >
> > > > > >A host does not know the physical address of another host so it sends out an
> > > > > >ARP request. If the host in question lies on another network, a router
> > > > > >responds to that request. Proxy ARP, correct?
> > > > > >
> > > > > >A host through its TCP stack does the XOR and determines that a host lies
> > > > > >on another network. The host therefore sends the packet to the device
> > > > > >indicated as its default gateway in its configuration. It sends an ARP
> > > > > >request for the MAC of the default gateway. Normal ARP?
> > > > > >
> > > > > >So in other words, proxy arp may be viewed as something of an obsolete
> > > > > >protocol / operation in that most modern TCP stacks contain the mechanisms
> > > > > >for doing the network XOR determination, and then using the default gateway.
> > > > > >A modern stack would recognize that a host is on a different network and go
> > > > > >the default gateway route, so to speak.
> > > > > >
> > > > > >In other words, the necessity for proxy arp is eliminated for the most part
> > > > > >because of the default gateway concept and the modern TCP stack.
> > > > > >
> > > > > >Has it sunk through this thick head finally?
> > > > > >
> > > > > >PS Comer states that proxy arp is aka arp hack. :->
> > > > > >
> > > > > >Chuck
> > > > > >
> > > > > >One IOS to forward them all.
> > > > > >One IOS to find them.
> > > > > >One IOS to summarize them all
> > > > > >And in the routing table bind them.
> > > > > >
> > > > > >-JRR Chambers-
> > > > > >FAQ, list archives, and subscription info:
> > > > > >http://www.groupstudy.com/list/cisco.html
> > > > > >Report misconduct and Nondisclosure violations to
> > > > > [EMAIL PROTECTED]
> > > > >
> > > > >
> > > > > ________________________
> > > > >
> > > > > Priscilla Oppenheimer
> > > > > http://www.priscilla.com
> > > >
> > > >
> > >
> > >
> > >________________________
> > >
> > >Priscilla Oppenheimer
> > >http://www.priscilla.com
> >
> >
> >________________________
> >
> >Priscilla Oppenheimer
> >http://www.priscilla.com
>
>
> ________________________
>
> Priscilla Oppenheimer
> http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6005&t=5664
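
The checks this thread arrives at (the ARP sender must be on the receiving interface's subnet, a route to the target must exist, and RFC 1027's different-interface rule) can be modelled in a few lines. This is an added example, not code from any poster or from IOS; the Router class, the interface names and the 192.168.1.0/24 and 203.0.113.0/30 subnets are assumptions made for illustration.

```python
import ipaddress as ip

class Router:
    """Toy model of the ARP decision debated in this thread (not IOS code)."""
    def __init__(self, interfaces, routes, own_addrs=(), proxy_arp=True):
        # interfaces: name -> connected subnets (primary plus any secondaries)
        self.ifs = {n: [ip.ip_network(s) for s in subs] for n, subs in interfaces.items()}
        # routes: (prefix, egress interface); connected subnets are added too
        self.routes = [(ip.ip_network(p), i) for p, i in routes]
        self.routes += [(s, n) for n, subs in self.ifs.items() for s in subs]
        self.own = {ip.ip_address(a) for a in own_addrs}
        self.proxy_arp = proxy_arp

    def lookup(self, addr):
        # Longest-prefix match; returns the egress interface or None.
        hits = [(p.prefixlen, i) for p, i in self.routes if addr in p]
        return max(hits)[1] if hits else None

    def arp_decision(self, in_if, sender, target):
        sender, target = ip.ip_address(sender), ip.ip_address(target)
        # Sender must sit on a subnet of the receiving interface ("wrong cable").
        if not any(sender in s for s in self.ifs[in_if]):
            return "filtered: wrong cable"
        if target in self.own:
            return "reply: own address"          # ordinary ARP, not proxy
        if not self.proxy_arp:
            return "ignored: proxy arp disabled"
        out_if = self.lookup(target)
        if out_if is None:
            return "ignored: no route"           # no default route either
        if out_if == in_if:
            return "ignored: same interface"     # RFC 1027 rule quoted above
        return "reply: proxy"

def demo():
    # Constructed topology: guest LAN 192.168.1.0/24, default route out "wan".
    hotel = Router({"guest": ["192.168.1.0/24"], "wan": ["203.0.113.0/30"]},
                   [("0.0.0.0/0", "wan")], own_addrs=["192.168.1.1"])
    # Same router with a 10.0.0.0/24 secondary on the guest port (Chuck's point).
    hotel2 = Router({"guest": ["192.168.1.0/24", "10.0.0.0/24"], "wan": ["203.0.113.0/30"]},
                    [("0.0.0.0/0", "wan")], own_addrs=["192.168.1.1", "10.0.0.1"])
    return [
        hotel.arp_decision("guest", "10.0.0.2", "10.0.0.1"),          # Priscilla's lab test
        hotel.arp_decision("guest", "192.168.1.50", "138.1.80.193"),  # correctly addressed guest
        hotel2.arp_decision("guest", "10.0.0.2", "10.0.0.1"),         # secondary owns the DG address
        hotel2.arp_decision("guest", "10.0.0.2", "10.0.0.32"),        # secondary, different DG
    ]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The last case shows the limit of secondary addressing in this model: the router answers only when it holds the exact gateway address the laptop was configured with.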