Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 254
  • Last Modified:

ARP requests to proxy-arp interface fails

I have a point-to-point T1 line with two Cisco 1601 routers on either end.  

Router 1 has IP address 192.168.10.11/24 on both Ser1 and Eth0, set to bridge
Router 2 has IP address 192.168.10.22/24 on both Ser1 and Eth0, set to bridge
Device A has IP address 192.168.10.15/24
Device B has IP address 192.168.10.25/24


Device A
                |
            Router 1
                      |
                      |
            Router 2
               |
Device B

I can see MAC addresses of Device A from Device B and vice versa.  I can get the MAC address of Router 1 from Device A, but cannot get the MAC address of Router 2 from Device A.

Is that due to the fact that both the Eth0 and Ser1 interfaces of Router 2 have the same IP address?  Can I safely remove the IP addresses from the ser1 interfaces without screwing things up?

I need to see both routers from Device A for SNMP purposes.

Help!
0
Free_Iraq
Asked:
Free_Iraq
  • 5
  • 5
1 Solution
 
lrmooreCommented:
Are you using "ip unnumbered eth 0" on the serial interfaces?

It would be much better for you if you routed with different subnets on each site instead of bridging.

Can you ping router 2 from device A?
0
 
Free_IraqAuthor Commented:
No, the interfaces are numbered - is that the problem?

Traffic over this link is low and bursty, and for the time being, IP addressing is tight enough that I can't afford to subnet.  I am not concerned about broadcasts over the link, as there are few hosts on either side.

No, I cannot ping router 2 from device A, (Destination unreachable) because it is not getting an ARP reply from it.  (Says address is "incomplete" when I check the ARP cache.)
0
 
lrmooreCommented:
Can you paste the config from router 2?
If you are bridging, you can use "no ip address" on your serial interfaces with no problem.
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
Free_IraqAuthor Commented:
myrouter#sh run
Building configuration...

Current configuration:
!
version 11.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname myrouter
!
enable secret <it's a secret!>
enable password <it's a secret!>
ip subnet-zero
no ip routing
no ip domain-lookup
!
interface Ethernet0
 ip address 192.168.10.22 255.255.255.0
 no ip route-cache
 no keepalive
 bridge-group 1
!
interface Serial0
 no ip address
 no ip route-cache
 shutdown
!
interface Serial1
 description leased line to datacenter
 ip address 192.168.10.22 255.255.255.0
 no ip route-cache
 no keepalive
 no fair-queue
 service-module t1 clock source internal
 bridge-group 1
!
ip classless
ip http server
logging buffered 4096 debugging
snmp-server community public RO
bridge 1 protocol ieee
bridge 1 forward-time 10
bridge 1 priority 128
!
line con 0
 password <it's a secret!>
 login
line vty 0 4
 password <it's a secret!>
 login
!
end
0
 
Free_IraqAuthor Commented:
Ok, I have put "no ip addr" on each serial interface, but no luck... issue still occurring.  I was able to telnet from device B to both routers, now I can only telnet to router 2.  (I can still telnet to router 1 from device A, though, so I haven't lost the ability to control it.)
0
 
lrmooreCommented:
How about instead of no ip address, change  serial interfaces to
ip unnumbered eth 0


0
 
Free_IraqAuthor Commented:
OK, that made it so I can successfully ping both routers from host B, but I still cannot ping router 2 from host A.

Would it be a bad thing to put a static ARP entry on router 1 for router 2, and vice-versa?  They are not in each other's ARP cache, and I think that's significant.  (Maybe therefore they cannot pass the ARP entry for the other router to pass to the far host?)
0
 
lrmooreCommented:
Some progress is better than none. Can't hurt to try with a static arp entry, or you might just need to flush both sides and let them re-build themselves with "clear arp"
0
 
Free_IraqAuthor Commented:
Thanks for the help - I really needed someone to bounce crap in my head off... static ARP entry did the trick!

-thanks again
0
 
lrmooreCommented:
Glad to help!
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 5
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now