Default Gateways...

Hello all,

During a static routing practice lab, a student defined his workstation's Default Gateway to the router's Serial Interface and not to the usual Ethernet Interface.

His workstation was physically connected to the R3 LAN and was logically part of network

R1---------R2---------R3
                       |
                      LAN

The link between R3 and R2 was configured using network

Instead of defining his workstation's Default Gateway to (R3's FA0/0), he used (R3's S0/0) and everything worked correctly. Is this because of his station's ARP request? The request surely reached FA0/0 because it is directly connected, and seems to have been switched by the router to the Serial Port, but I would have imagined that the Gateway had to be defined as a member of the same logical network.

Many thanks

J. Lanza

On 26.11.2005 11:57 J. Lanza wrote

Usually this will not work. I guess that R3 had Proxy ARP configured.


Arnold Nipper

Your R3 router has "Proxy ARP" enabled. What it does - your router answers on behalf of another interface or host on another segment. It responds to the ARP requestor with its own MAC address, so your workstation, when it tries to communicate to address, sends the actual frame to the R3 router. In most cases this feature is disabled because of security considerations.

Good luck,



But every Cisco router has it on by default.

Hansang Bae

Many thanks to all who have answered. Regarding Proxy-Arp, if I disable this "On by default" feature on all Cisco routers shown below, what is the immediate consequence?

R_1------------R_2------------R_3
 |              |              |
LAN1           LAN2           LAN3

When a Host on LAN1 sends a packet to a Host on LAN3 with "no ip proxy-arp" issued on all routers, the Host LAN1 ARP request will, as always, not be broadcast by R_1 and in this case, R_1 will also not proxy the request for the Host.

Realizing that the Host would usually receive R_1's MAC Address, what MAC Address will the Host now receive in order to communicate with LAN3?

Many thanks for your precious help!!

J. Lanza

The consequence is simple... misconfigured PCs and devices will not be able to leave the network. It really is a good thing and Cisco should not have it on by default. This is a good feature for a home/SoHo device but for enterprise work it merely hides and disguises errors so they can show other spurious symptoms. For instance WinXP PCs will complain about DUPLICATE IP addresses randomly when a misconfigured PC joins your LAN and utilizes ProxyArp to get around. Techs chased this "duplicate" but no one had any idea that proxy-arp was causing it. I have started to campaign for it to be turned off here, but it will have to be coordinated with desktop support because when it goes off, misconfigured desktops will stop working.

"J. Lanza" wrote:

DiGiTAL_ViNYL (no email)


It's not required on all routers. R3's LAN3 interface is the only one that will need it (to break it). Or R1's LAN1 interface.

It won't receive any replies. As a result, it will not be able to talk to anyone outside of its subnet.

Hansang Bae
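Added example, not part of the thread: a simplified Python model of the proxy ARP decision described in the replies above, used to list which workstations on R3's LAN would stop reaching other networks once `no ip proxy-arp` is applied to Fa0/0. All addresses, MACs and host names are constructed (the thread's own addresses are not shown), and the model assumes a workstation ARPs directly for its configured gateway even when that gateway is off-subnet.

```python
import ipaddress as ipa

# Constructed lab addressing: interface name -> (address/mask, MAC)
R3 = {
    "Fa0/0": (ipa.ip_interface("192.168.3.1/24"), "00:00:5e:00:53:01"),
    "S0/0": (ipa.ip_interface("10.0.23.2/30"), None),  # serial link, no MAC
}
R3_STATIC = {ipa.ip_network("192.168.1.0/24"): "S0/0"}  # LAN1 reached via R2

HOSTS = {  # constructed: name -> (address/mask, default gateway)
    "ok": (ipa.ip_interface("192.168.3.10/24"), ipa.ip_address("192.168.3.1")),
    "student": (ipa.ip_interface("192.168.3.11/24"), ipa.ip_address("10.0.23.2")),
    "bad-mask": (ipa.ip_interface("192.168.3.12/16"), ipa.ip_address("192.168.3.1")),
}

def egress(target):
    """Longest-prefix match over connected and static routes -> interface name."""
    routes = {**{i.network: name for name, (i, _) in R3.items()}, **R3_STATIC}
    hits = [net for net in routes if target in net]
    return routes[max(hits, key=lambda net: net.prefixlen)] if hits else None

def arp_reply(in_if, target, proxy_arp):
    """MAC the router answers with for an ARP request seen on in_if, or None."""
    addr, mac = R3[in_if]
    if target == addr.ip:
        return mac  # request for the interface's own address
    out_if = egress(target)
    if proxy_arp and out_if and out_if != in_if:
        return mac  # proxy ARP: target is routable through another interface
    return None

def host_arp_target(host_if, gateway, dst):
    """IP the workstation ARPs for: dst if it looks on-link, else the gateway."""
    return dst if dst in host_if.network else gateway

def can_leave_lan(name, dst, proxy_arp):
    host_if, gateway = HOSTS[name]
    return arp_reply("Fa0/0", host_arp_target(host_if, gateway, dst), proxy_arp) is not None

def breaks_without_proxy_arp(dst):
    """Hosts that work today only because the router proxies ARP for them."""
    return sorted(n for n in HOSTS
                  if can_leave_lan(n, dst, True) and not can_leave_lan(n, dst, False))

if __name__ == "__main__":
    print(breaks_without_proxy_arp(ipa.ip_address("192.168.1.10")))
```

The correctly configured host is unaffected either way; the two that depend on proxy ARP are the ones a desktop team would need to fix before the feature is turned off.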