Author Topic: What is Proxy ARP?  (Read 917 times)


  • Brown belt
  • ******
  • Posts: 668
  • Karma: +0/-0
What is Proxy ARP?
« on: January 07, 2016, 03:28:20 AM »
What is Proxy ARP?


  • Blue Belt
  • ****
  • Posts: 107
  • Karma: +0/-0
Re: What is Proxy ARP?
« Reply #1 on: January 07, 2016, 06:00:11 AM »
Proxy ARP is a technique by which a device on a given network answers the ARP queries for a network address that is not on that network. The ARP Proxy is aware of the location of the traffic's destination, and offers its own MAC address as (ostensibly final) destination.


  • Green Belt
  • *****
  • Posts: 261
  • Karma: +0/-0
Re: What is Proxy ARP?
« Reply #2 on: January 07, 2016, 08:09:38 AM »

This document requires an understanding of the ARP and Ethernet environment.
Components Used

The information in this document is based on these software and hardware versions:

    Cisco IOSŪ Software Release 12.2(10b)

    Cisco 2500 Series Routers

The information presented in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If you are working in a live network, ensure that you understand the potential impact of any command before using it.

Refer to Cisco Technical Tips Conventions for more information on document conventions.

How Does Proxy ARP Work?
The Host A ( on Subnet A needs to send packets to Host D ( on Subnet B. As shown in the diagram, Host A has a /16 subnet mask. What this means is that Host A believes that it is directly connected to all of network When Host A needs to communicate with any devices it believes are directly connected, it sends an ARP request to the destination. Therefore, when Host A needs to send a packet to Host D, Host A believes that Host D is directly connected, so it sends an ARP request to Host D.

In order to reach Host D (, Host A needs the MAC address of Host D.

Therefore, Host A broadcasts an ARP request on Subnet A, as shown:
Sender's MAC Address    Sender's IP Address    Target MAC Address    Target IP Address
00-00-0c-94-36-aa    00-00-00-00-00-00

In this ARP request, Host A ( requests that Host D ( send its MAC address. The ARP request packet is then encapsulated in an Ethernet frame with the MAC address of Host A as the source address and a broadcast (FFFF.FFFF.FFFF) as the destination address. Since the ARP request is a broadcast, it reaches all the nodes in the Subnet A, which includes the e0 interface of the router, but does not reach Host D. The broadcast does not reach Host D because routers, by default, do not forward broadcasts.

Since the router knows that the target address ( is on another subnet and can reach Host D, it replies with its own MAC address to Host A.
Sender's MAC Address    Sender's IP Address    Target MAC Address    Target IP Address
00-00-0c-94-36-ab    00-00-0c-94-36-aa

This is the Proxy ARP reply that the router sends to Host A. The proxy ARP reply packet is encapsulated in an Ethernet frame with MAC address of the router as the source address and the MAC address of Host A as the destination address. The ARP replies are always unicast to the original requester.

Upon receipt of this ARP reply, Host A updates its ARP table, as shown:
IP Address    MAC Address    00-00-0c-94-36-ab

From now on, Host A forwards all the packets that it wants to reach (Host D) to the MAC address 00-00-0c-94-36-ab (router). Since the router knows how to reach Host D, the router forwards the packet to Host D. The ARP cache on the hosts in Subnet A is populated with the MAC address of the router for all the hosts on Subnet B. Hence, all packets destined to Subnet B are sent to the router. The router forwards those packets to the hosts in Subnet B.

The ARP cache of Host A is shown in this table:
IP Address    MAC Address    00-00-0c-94-36-ab    00-00-0c-94-36-ab    00-00-0c-94-36-ab    00-00-0c-94-36-bb

Note: Multiple IP addresses are mapped to a single MAC address, the MAC address of this router, which indicates that proxy ARP is in use.

The interface of the Cisco must be configured to accept and respond to proxy ARP. This is enabled by default. The no ip proxy-arp command must be configured on the interface of the router connected to the ISP router. Proxy ARP can be disabled on each interface individually with the interface configuration command no ip proxy-arp, as shown:

    Router# configure terminal
    Enter configuration commands, one per line.  End with CNTL/Z.
    Router(config)# interface ethernet 0
    Router(config-if)# no ip proxy-arp
    Router(config-if)# ^Z

In order to enable proxy ARP on an interface, issue the ip proxy-arp interface configuration command.

Note: When Host B ( on Subnet A tries to send packets to destination Host D ( on Subnet B, it looks into its IP routing table and routes the packet accordingly. Host B ( does not ARP for Host D IP address because it belongs to a different subnet than what is configured on Host B ethernet interface