cisco arp challenge

jferrill

IS-IT--Management
Sep 13, 2003
4
US
I am currently working with a Cisco 1600 router. It keeps creating a large ARP cache of invalid entries on int e1. I have no ip proxy-arp enabled. Any ideas?
 
Can you shut down the E1 WAN port? Is there anything connected to this port? I suspect the router will learn any addresses that enter that port.

Greg5149
 
This is the current setup.
Below are a show run and show arp from the router.



selltis2#sh run
Building configuration...
Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname router1
!

!
username Josh
ip subnet-zero
no ip source-route
!
!
!
interface Ethernet0
no ip address
no ip directed-broadcast
no ip proxy-arp
ip nat inside
shutdown
arp timeout 120
!
interface Ethernet1
ip address 68.x.x.x 255.255.255.224
ip access-group 112 out
no ip directed-broadcast
no ip proxy-arp
ip nat inside
!
interface Serial0
description ISP
ip address 68.x.x.x 255.255.255.252
no ip directed-broadcast
no ip proxy-arp
ip nat outside
encapsulation frame-relay IETF
logging event subif-link-status
logging event dlci-status-change
frame-relay lmi-type ansi
!
router igrp 1
redistribute connected
network 68.0.0.0
!
ip nat pool ISPNATPool 68.x.x.x 68.x.x.x netmask 255.255.255.224
ip nat inside source list 18 pool ISPNATPool
ip classless
ip route 0.0.0.0 0.0.0.0 x.x.x.x
!

!
line con 0
exec-timeout 120 0
transport input none
line vty 0 4
exec-timeout 0 0
password
login local
!
end
_____________________________________________

router1#clear arp
router1#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 68.x.x.x - 0010.7bdf.2af7 ARPA Ethernet1
Internet 68.x.x.x - 0010.7bdf.2af7 ARPA Ethernet1
Internet 68.x.x.x - 0010.7bdf.2af7 ARPA Ethernet1
Internet 68.x.x.x 0 0040.1014.5890 ARPA Ethernet1
Internet 68.x.x.x 0 0040.1014.5890 ARPA Ethernet1
Internet 68.208.67.200 0 0040.1014.5890 ARPA Ethernet1
selltis2#


_________________________________________________
The only address actually assigned to the interface is 68.x.x.x; the .194 and .195 are examples of bogus entries.
The .200 is the firewall, the .201 and .202 are defined 1 to 1 NAT addresses, and the ARP entries are legitimate as the firewall should forward the traffic. If I keep defining NAT addresses, the ARP will keep filling up in sequence until it overlaps at .200.

Other behavior: ping is working through the router, but other services, such as our Radmin app that runs on port 4899, are not. This may be my own misconfiguring though, and not related to the ARP problem.

Outbound everything works fine.
 