ARP on behalf

Saw this, wondering what is up with this.

172.25.22.1 ---------> Broadcast     Who has 172.25.42.53? Tell 172.25.42.1



Note that we are running two DHCP scopes here on the same DHCP server.
172.25.22.5-172.25.22.150
172.25.42.5-172.25.42.150
 One physical network, 2 logicals.
Thanks
dissolvedAsked:
Who is Participating?
 
PennGwynConnect With a Mentor Commented:
I'm guessing that 172.25.22.1 and 172.25.42.1 are primary and secondary addresses on the same physical interface of the router.

The router wants to talk to 172.25.42.53, so it sends an ARP request.  172.25.42.1 is the router address on that subnet, so that's where the reply should go.

However, because 172.25.22.1 is the router's primary address on that port, it gets filled in as the source of the message.

0
 
JMellinConnect With a Mentor Commented:
As I would guess 172.25.42.1 have made a ARP request for 172.25.42.53. This is intercepted by 172.25.22.1 which is on another subnet but same physical network, ARP is a physical broadcast seen by all regardless of IP network.

Normally this would be ignored by the IP Protocol but perhaps 172.25.22.1 is a router with a sort of proxy-ARP feature.
It will then try to help negotiate mac address information (not route) between hosts on different subnets.

Regards
Johan
0
 
dissolvedAuthor Commented:
But if its a broadcast, and 172.25.42.0 and 172.25.22.0 are differerent networks, how did 172.25.22.1 see the broadcast???

I found out these two networks are on separate VLANs. Perhaps the router is doing inter-vlan routing. But even then, would it pass broadcasts in between them?
Thanks
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
Tim HolmanConnect With a Mentor Commented:
172.25.22.1 ---------> Broadcast     Who has 172.25.42.53? Tell 172.25.42.1


1)  172.25.22.1 looks for 172.25.42.53
2)  Immediately knows this is not on the same subnet, so sends to default router
3)  Default router knows about 172.25.42.x, so issues ARP
4)  172.25.42.x responds to router with MAC address
5)  Router ARP table updated
6)  172.25.22.1 can now talk to 172.25.42.53
0
 
dissolvedAuthor Commented:
default router is 172.25.22.1. I'm thinking 172.25.42.1 is a sub-interface on the e0 of the cisco router (172.25.22.1)
0
 
dissolvedAuthor Commented:
We are running VLANs and have our router (172.25.22.1) with a sub interface on the e0


172.25.22.1 ---------> Broadcast     Who has 172.25.42.53? Tell 172.25.42.1


1)  172.25.42.1 looks for 172.25.42.53
2)  However, since 172.25.42.1 is a sub-interface, 172.25.22.1 is shown as issuing the ARP request
3)  172.25.42.53 responds to 172.25.22.1 with it's physical address.

is this possible?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.