?
Solved

Cisco Router ARP Configuration

Posted on 2003-03-13
9
Medium Priority
?
963 Views
Last Modified: 2008-03-06
I am trying to configure our Cisco 3640 router to associate with a new IP address on it's FastEthernet0/0 interface. It's presently configured to be 65.195.220.225, 226, 227, 228 and 229. I would like to add 230 as well, but I do not understand how to do it correctly. Here is a copy of the interface configs:

interface FastEthernet0/0
 ip address 65.195.220.225 255.255.255.224
 no ip directed-broadcast
 speed 100
 full-duplex


If I simply add an ARP command to the configuration, it seems to work, but not well. By that I mean that certain TCP based services do not function through the router. If I do a Show ARP

Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  65.195.220.228         41   0002.b325.d349  ARPA   FastEthernet0/0
Internet  65.195.220.229          -   0002.b325.d349  ARPA
Internet  65.195.220.226          3   0002.b325.d349  ARPA   FastEthernet0/0
Internet  65.195.220.227         41   0002.b325.d349  ARPA   FastEthernet0/0
Internet  65.195.220.225          -   0004.9ac1.80c1  ARPA   FastEthernet0/0

this is what's presented.

65.195.220.229 was added through an ARP statement in the config by me. The others were added by somebody else, in a different manner which I do not know. How might these other addresses been entered, and how would I enter more in the same way? Thanks.
0
Comment
Question by:poison1701
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 2

Expert Comment

by:jgarr
ID: 8131686
The arp cache is normally filled as devices are connected to the network. A workstation will send out an arp broadcast to the segment.
What is the 'arp command' that you are speaking of ? The only way that I can come up with to add an address to an interface is

ip address  65.195.220.230 255.255.255.224 secondary

This would assign .230 to the FastE interface.

Can you include the rest of your config for me to look at?
0
 

Author Comment

by:poison1701
ID: 8131761
Here is the whole router config:

Using 1171 out of 129016 bytes
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
!
!
!
!
!
!
ip subnet-zero
ip domain-name ALTER.NET
ip name-server 198.6.100.21
ip name-server 198.6.100.37
!
!
!
!
interface FastEthernet0/0
 ip address 65.195.220.225 255.255.255.224
 no ip directed-broadcast
 speed 100
 full-duplex
!
interface Serial0/0
 no ip address
 no ip directed-broadcast
 encapsulation frame-relay IETF
 no ip mroute-cache
 no fair-queue
 frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
 bandwidth 1536
 ip unnumbered FastEthernet0/0
 no ip directed-broadcast
 frame-relay interface-dlci 500 IETF
!
interface FastEthernet0/1
 no ip address
 no ip directed-broadcast
 shutdown
 speed auto
 full-duplex
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0.1
ip route 10.1.1.0 255.255.255.0 65.195.220.226
no ip http server
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
arp 65.195.220.229 0002.b325.d349 ARPA
!
line con 0
 transport input none
line aux 0
line vty 0 4
 login
!
end
 
That's it.. The serial interface is connected to our internet connection, and the fast ethernet is connected via a cross-over cable directly to our firewall which performs NAT. So on the firewall I have rules set up to translate 10.1.1.x addresses to 65.195.220.2xx addresses. I need the router to accept traffic for a new server, which internally is 10.1.1.5, and is translated through the firewall as 65.195.220.230. I want the router to accept traffic on the new address (yes, it is allocated to us by our ISP) You will see the Arp statement in the config, that is the only way that I can seem to get it to work. Thanks
0
 
LVL 5

Expert Comment

by:rrhunt28
ID: 8132173
Wouldnt you want to change your NAT table?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Expert Comment

by:jgarr
ID: 8132468
rrhunt, I would think so.

nat the outside address to the inside..
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8133331
What kind of firewall do you have?
The firewall's proxy arp feature, if the static nat entry is correct, should provide that arp entry to the router.
0
 

Expert Comment

by:younggun
ID: 8143386
Base on your show arp command,

65.195.220.225          -   0004.9ac1.80c1  ARPA  
is your FE int so its does not have a timeout value.

65.195.220.229          -   0002.b325.d349  ARPA
becoz u config this manually this into the router, so it does not have a timeout also.

65.195.220.226          3   0002.b325.d349  ARPA    
this is your FW address, which the router learned.

65.195.220.228         41   0002.b325.d349  ARPA      65.195.220.227         41   0002.b325.d349  ARPA  
these 2 ip address point to the same MAC as the FW, meaning the router also learn that to go to this 2 address, it must send to your FW.

Did you add a nat for the 65.195.220.229 in the FW? Maybe adding this will cause the FW to reply to the arp of 65.195.220.229, since it know how to forward it.
0
 
LVL 5

Expert Comment

by:epylko
ID: 8154657
Perhaps the firewall doesn't do proxy arp.

If that's the case, put a static route on your router to route all those IP addresses to your firewall.  This isn't the best static route statement, but it should work:

ip route 65.195.220.224 255.255.255.224 65.195.220.226

(assuming of course that your FW is .226)

-Eric
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8637213
poison1701,
No comment has been added lately (78 days), so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area for this question:

RECOMMENDATION: PAQ/No Refund

Please leave any comments here within 7 days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Thanks,

lrmoore
EE Cleanup Volunteer
---------------------
If you feel that your question was not properly addressed, or that none of the comments received were appropriate answers, please post a request in Community support (with a link to this page) to refund your points. http://www.experts-exchange.com/Community_Support/
0
 

Accepted Solution

by:
SpideyMod earned 0 total points
ID: 8713394
per recommendation

SpideyMod
Community Support Moderator @Experts Exchange
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question