arp代理测试及实验效果

ARP代理通俗地说，就是由中间设备代替其他主机或无路由能力的网络设备响应arp请求。下图展现了ARP代理的过程：

PC1与R2的f0/0是直接，10.10.12.0/24 PC1的网关为10.10.12.2 且R2默认F0/0开启ARP-proxy。

R2与R3间模拟广域网，R3的loopbackup 0  模拟为internet上的一台主机。

R2与R3使用OSOF动态路由，且全网宣告。

第一部：pc1 ping  R3的loopback 0  202.108.0.1 .由于默认开启arp-proxy。所有R2的F0/0代理           202.108.0.1回应给PC1

interface FastEthernet0/0

ip address 10.10.12.2 255.255.255.0

duplex auto

speed auto

end

R2#sh run int f1/0

Building configuration...

Current configuration : 97 bytes

!

interface FastEthernet1/0

ip address 220.181.75.2 255.255.255.0

duplex auto

speed auto

end

R2#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

      D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

      N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

      E1 - OSPF external type 1, E2 - OSPF external type 2

      i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

      ia - IS-IS inter area, * - candidate default, U - per-user static route

      o - ODR, P - periodic downloaded static route

PC1#ping 202.108.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 202.108.0.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 24/43/56 ms

PC1#sh ip route

Default gateway is not set

Host               Gateway           Last Use    Total Uses  Interface

ICMP redirect cache is empty

从实验现象看PC1可以ping通202.108.0.1，且PC上差没有路由指向该主机，说明R2的F0/0做了arp-proxy。

以下是在R2上进行ARP debug的结果，可以看出R2接收到PC1的ARP请求，并代理202.108.0.1回复ARP请求。

R2#debug arp

ARP packet debugging is on

*Mar  1 01:11:06.043: IP ARP: rcvd req src 10.10.12.1 cc00.1270.0000, dst 202.108.0.1 FastEthernet0/0

*Mar  1 01:11:06.047: IP ARP: sent rep src 202.108.0.1 cc01.1270.0000,

                dst 10.10.12.1 cc00.1270.0000 FastEthernet0/0

第二部：关闭R2上F0/0 的ARP-proxy  

     

R2(config)#int f0/0

R2(config-if)#no ip proxy-arp

PC1#ping 202.108.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 202.108.0.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

以下是R2上关闭ARP-proxy后的结果，R2依然收到PC1的ARP请求，但是由于关闭APR-PROXY，并未做出回应。

R2(config-if)#no ip proxy-arp

R2(config-if)#

*Mar  1 01:46:34.615: IP ARP: rcvd rep src 10.10.12.1 cc00.1270.0000, dst 10.10.12.1 FastEthernet0/0

*Mar  1 01:46:34.619: IP ARP: rcvd rep src 10.10.12.1 cc00.1270.0000, dst 10.10.12.1 FastEthernet0/0

R2(config-if)#

*Mar  1 01:46:39.155: IP ARP: rcvd req src 10.10.12.1 cc00.1270.0000, dst 202.108.0.1 FastEthernet0/0

R2(config-if)#

*Mar  1 01:46:41.127: IP ARP: rcvd req src 10.10.12.1 cc00.1270.0000, dst 202.108.0.1 FastEthernet0/0