Will proxy-arp fix this incorrectly subnetted network?

I inherited a network where the subnets are set up incorrectly, insofar as I have subnets inside a 172.16/24 network that are netmasked to be physically local but are, in fact, served by remote routers.

E.g.:

172.16.1.0/24 is local
172.16.26.0/24 is remote

The two networks are connected by a 2610 at my local end and a 3725 at the remote end. I would like machines at both ends of the network to be able to talk to each other; and I would like to do this without adding static routes, changing IP addresses or changing netmasks.

Can I do this by enabling 'proxy-arp' on the LAN ports of each router in question? I only wish to pass regular traffic over this link, I'm not interested in doing DHCP or anything (so no need for 'ip helper-address'). This thread kind of spills over from here:

Suggestions? TIA and HAND!

Chris


On 22.05.2006 22:01 Chris wrote

This -----------------------------------^^

looks strange. You are sure it should really read /24 and not /16?

If it is really like above then simply let all machines on 172.16.1.0/24 point to your 2610 (@ let's say 172.16.1.254), all of your 172.16.26.0/24 point to your 3725 (@ let's say 172.16.26.254) and each of your Ciscos route the other network via whatever common interface. What do they have in between?

Arnold Nipper

Yes! Sorry, in my haste I posted the wrong mask. Oops.

They are both /16, i.e. the netmask is 255.255.0.0 for both networks even though they are physically distant and thus require a router 'in between' the two.

They have some kind of a serial connection between them, I presume something like a T1 or a leased-line. 172.16.1.194 is Ethernet0 on the local Cisco to me, 172.16.26.194 is Ethernet0 on the remote Cisco.

10.1.2.2 is Serial0 on the local Cisco to me, and 10.1.2.1 is its gateway (presumably Serial0 on the remote router).

So, the problem is that the 172.16.1.0 and 172.16.26.0 machines both have subnets of 255.255.0.0, so they do not think that they need to talk to a router to get to each other even though they do. My question is, will enabling proxy-arp on Eth0 on both routers fix this problem for me? Without moving IP networks or changing subnet masks everywhere.

Chris


Yes. Configure the subnet masks and routes correctly on the routers, and proxy ARP will take care of routing the traffic transparently.

Barry Margolin

Thanks again for all your help, Barry. When you say "correctly", do you mean that on the routers I should use 255.255.255.0 even though the rest of the networks are set as 255.255.0.0 (which is incorrect for my application)?

Chris

traceymtoner

On 23.05.2006 04:35 snipped-for-privacy@gmail.com wrote

Correctly means that you have to set subnet mask and broadcast accordingly

e.g. for the C2610

!
interface FastEthernet 0/0
 ip address 172.16.1.194 255.255.255.0
 ip broadcast-address 172.16.255.255
!
! static route to the other network
!
ip route 172.16.26.0 255.255.255.0 10.1.2.1

Arnold Nipper


So, you're asking whether proxy-arp will solve your problems with the incorrect configuration? The short answer is no. Proxy arp isn't going to do anything for you. Both routers think that 172.16.0.0/16 is connected to their ethernet interface, and they have no reason to route it.

It's possible that you could make it work with more specific static routes (on your routers and all hosts), but do you really want to? It seems really short-sighted. Don't work around an incorrect configuration. Fix it the right way, or you'll have to fix it again later.

fred.damstra

Perhaps I don't want a solution, as much as I desire a temporary work-around.

The problem is that I inherited this recently, and it was built long ago. Some of the sites are geographically quite distant, and they have many (100+) hosts, not all of which are using DHCP. So, to change all the addressing at a big site far away (with no real tech there to help me) isn't going to be the easiest thing to do in a hurry :-|

Chris

I've reread this thread, what Arnold and Barry wrote, and then also refreshed my memory on proxy arp from Cisco's website, and I need to retract my statement. I can now confidently say "I don't know" to your original question. :)

Reading the proxy arp doc, it sounds like it should work for your purposes, until you get to the last bullet point toward the end: "It does not generalize to all network topologies (for example, more than one router connecting two physical networks)."

So, ... let us know?

Fred

fred.damstra

Yes. The point is that the routers need to know the *true* organization of the subnets. The router at each site needs to know that its LAN does not contain the entire /16, but just a /24. Its routing table will tell it that the rest of the /16 is reached via the WAN, and it will use proxy ARP to route this transparently to the client machines that have their masks set incorrectly.

Barry Margolin

Okay great, thanks Barry -- that clears it up. I was just wondering if the routers were 'smart' enough to see that the subnet masking I was using was, in fact, incorrect and that the mere presence of proxy-arp would fix the issue. I doubted that would be the case, though, and wanted to make sure that I'd need to change the subnet masks to be 'correct' in terms of how they would be set up in an ideal environment.

Chris


You know that proxy-arp is on by default, don't you? So if it's not already doing what you want, it obviously isn't smart enough to figure it out automatically.

Barry Margolin

Yep, I do, but unless it runs (even by default) without appearing in the system's running-config, it's not running on these routers in question.

(snipped)

interface Ethernet0/0
 ip address 172.16.1.194 255.255.0.0
 no ip mroute-cache
 no mop enabled
!
interface Serial0/0
 ip address 10.1.2.2 255.0.0.0
 no ip mroute-cache
 no fair-queue
!
interface Serial0/1
 no ip address
 no ip mroute-cache
 shutdown
 no fair-queue
!
interface Serial0/2
 no ip address
 no ip mroute-cache
 shutdown
!
no ip classless
ip route 172.16.25.0 255.255.255.0 10.1.2.1
ip route 172.16.26.0 255.255.255.0 10.1.2.1
ip route 172.16.27.0 255.255.255.0 10.1.2.1
ip route 172.16.28.0 255.255.255.0 10.1.2.1

Chris


On 24.05.2006 22:59 Chris wrote

Imho this should read

interface Ethernet 0/0
 ip address 172.16.1.194 255.255.255.0
 ip broadcast-address 172.16.255.255

Arnold Nipper

Most default settings don't appear in "show running-config". Use "show ip interface ethernet0/0" and you'll probably see it.

Barry Margolin

Ah, you're right:

aug-br0#show ip interface ethernet0/0
Ethernet0/0 is up, line protocol is up
  Internet address is 172.16.1.194/16
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is enabled
  Outgoing access list is not set
  Inbound access list is not set
  Proxy ARP is enabled

I guess, then, that the only thing I can do is change the IP address and netmask to be 'correct' and hope for the best?

Chris


On 25.05.2006 22:57 Chris wrote

You have to set the broadcast address to 172.16.255.255 as well.

Arnold Nipper

Not that it really matters. Unless he's running something like RIP on the LAN, the router rarely needs to send broadcasts.

Barry Margolin

I'm still having problems with all of this; however, I can now post some clearer information on the exact problems...

Our local network is made up of three subnets: 172.16.1.0/16, 172.16.10.0/16, 172.16.11.0/16. The *majority* of clients live in 172.16.10.0 and 172.16.11.0.

A local router (172.16.1.194/16) connects through a directly-connected T1 to a remote router (172.16.26.1/24) for access to a remote network consisting of 172.16.26.0/24 and 172.16.27.0/24.

Clients that exist locally in 172.16.1.0/16 *can* ping the local router (172.16.1.194/16) and *can* ping the remote router (172.16.26.1/24) via the T1. Clients that exist locally in 172.16.10.0/16 can ping the local router but *CANNOT* ping the remote router, or any other host across the T1.

A traceroute from a machine in the 172.16.10.0/16 network stops at the local router (172.16.1.194/16), so it is clear that it is a routing or addressing issue:

(user@172.16.10.20)$ traceroute -n 172.16.26.1
traceroute to 172.16.26.1 from 172.16.10.20, 64 hops max, 40 byte packets
 1  172.16.1.194  3.858 ms  1.200 ms  1.059 ms
 2  * * *

Please note that 172.16.1.0, 172.16.10.0 and 172.16.11.0 have a subnet mask of /16 as they are all directly-connected through a Layer-2 switch. No dynamic routing is used in the network. And as has been covered in this thread, the subnet masks are 'incorrect' in terms of 172.16.26 really being remote, and not local.

Local router config:

version 11.3
!
interface Ethernet0/0
 ip address 172.16.1.194 255.255.0.0
 no ip mroute-cache
 no mop enabled
!
interface Serial0/0
 ip address 10.1.2.2 255.0.0.0
 no ip mroute-cache
 no fair-queue
!
no ip classless
ip route 172.16.25.0 255.255.255.0 10.1.2.1
ip route 172.16.26.0 255.255.255.0 10.1.2.1
ip route 172.16.27.0 255.255.255.0 10.1.2.1
ip route 172.16.28.0 255.255.255.0 10.1.2.1

Remote router config:

version 12.2
!
ip subnet-zero
!
interface FastEthernet0/0
 ip address 172.16.26.1 255.255.255.0
 duplex auto
 speed auto
 appletalk cable-range 20000-20000 20000.18
 appletalk zone Augusta
 no cdp enable
!
interface Serial0/0
 description t1 to irrelevant remote office
 ip address 10.1.0.1 255.255.255.252
 encapsulation ppp
!
interface FastEthernet0/1
 ip address 172.16.27.1 255.255.255.0
 duplex auto
 speed auto
 no cdp enable
!
interface Serial0/1
 description t1 to local router (i.e. the important one)
 ip address 10.1.2.1 255.255.255.252
 no cdp enable
!
interface Serial0/2
 description t1 to another irrelevant office
 ip address 10.1.1.1 255.255.255.252
 appletalk cable-range 10000-10000 10000.7
 appletalk zone WAN
 no cdp enable
!
ip classless
ip route 172.16.1.0 255.255.255.0 10.1.2.2
ip route 172.16.3.0 255.255.255.0 10.1.2.2
ip route 172.16.25.0 255.255.255.0 10.1.1.2
ip route 172.16.28.0 255.255.255.0 10.1.0.2
!
call rsvp-sync
!
mgcp profile default
!
dial-peer cor custom

As you can see, the remote router happens to have a couple of extra T1s that hang off it connecting to other sites; but those aren't relevant to the discussion here.

As always, thanks for your help guys!

Chris
I'm not a routing expert, but I play one on T.V.
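
Added example, not part of any post in the thread and not the routers' own logic: a longest-prefix-match lookup over the two routing tables exactly as posted above, checking the forward path on the local router, the return path on the remote router, and a simplified proxy ARP rule (answer when the target routes out a different interface than the request arrived on). The host 172.16.1.50 and all function names are constructed for illustration, static next hops are pre-resolved to their serial interface, and `no ip classless` is not modelled.

```python
import ipaddress

# (prefix, egress interface) per router, transcribed from the posted configs.
LOCAL = [                                   # "Local router config"
    ("172.16.0.0/16", "Ethernet0/0"),       # connected, mask as configured
    ("10.0.0.0/8", "Serial0/0"),            # connected
    ("172.16.25.0/24", "Serial0/0"),        # statics via 10.1.2.1
    ("172.16.26.0/24", "Serial0/0"),
    ("172.16.27.0/24", "Serial0/0"),
    ("172.16.28.0/24", "Serial0/0"),
]
REMOTE = [                                  # "Remote router config"
    ("172.16.26.0/24", "FastEthernet0/0"),  # connected
    ("172.16.27.0/24", "FastEthernet0/1"),  # connected
    ("10.1.0.0/30", "Serial0/0"),           # connected
    ("10.1.2.0/30", "Serial0/1"),           # connected
    ("10.1.1.0/30", "Serial0/2"),           # connected
    ("172.16.1.0/24", "Serial0/1"),         # static via 10.1.2.2
    ("172.16.3.0/24", "Serial0/1"),         # static via 10.1.2.2
    ("172.16.25.0/24", "Serial0/2"),        # static via 10.1.1.2
    ("172.16.28.0/24", "Serial0/0"),        # static via 10.1.0.2
]

def lookup(table, dst):
    """Longest-prefix match; returns the egress interface or None (no route)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def proxy_arp_answers(table, in_iface, target):
    """Simplified rule: reply only if the target is routed out another interface."""
    out = lookup(table, target)
    return out is not None and out != in_iface

def round_trip(src, dst):
    """Forward lookup on the local router, return lookup on the remote router."""
    return lookup(LOCAL, dst), lookup(REMOTE, src)

if __name__ == "__main__":
    for src in ("172.16.1.50", "172.16.10.20"):  # 172.16.1.50 is constructed
        print(src, "-> 172.16.26.1:", round_trip(src, "172.16.26.1"))
    print("local proxy ARP for 172.16.26.1:",
          proxy_arp_answers(LOCAL, "Ethernet0/0", "172.16.26.1"))
```

With the posted tables, the remote router has no entry covering 172.16.10.20, while 172.16.1.50 falls under its 172.16.1.0/24 static route.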
