代理ARP主要用於這種情況:當主機192.168.1.1向主機2.2.2.2 發送數據時,數據到達路由器接口e0/0(直連主機192.168.1.1),當路由器檢查目標IP地址發現該網段自己可達(又分爲2種情況:1.該網段在自己本地某一接口;2.該網段在自己某接口的對端),就會將本地接口e0/0的mac地址回覆給主機192.168.1.1,這樣,以後192.168.1.1主機到達2.2.2.2 都會從e0/0走。如果路由器收到192.168.1.1的數據包,發現自己也沒有到達2.2.2.2的路徑,就會啓用ARP Request向本地接口發送ARP請求,請求該地址2.2.2.2對應的MAC,如果2.2.2.2可達,某對端會回覆ARP響應,則路由器收穫了2.2.2.2對應的MAC(這時的MAC可能是對端路由器的代理ARP)之後再啓用代理ARP回覆給主機。
所以會產生我們第一次Ping某個地址的時候.!!!!這種情況,這第一個點其實是一個查詢的過程
總結:謹慎對待路由器的代理arp服務。
以下通過一個實驗來介紹:
R1#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.1.1 - cc00.10ec.0000 ARPA Ethernet0/0
R1#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 24/218/504 ms
R1#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 2.2.2.2 0 cc00.12c4.0000 ARPA Ethernet0/0
Internet 192.168.1.1 - cc00.10ec.0000 ARPA Ethernet0/0
Internet 192.168.1.2 0 cc00.12c4.0000 ARPA Ethernet0/0
關閉R2 Ethernet0/0的代理arp功能,並且將R1的ethernet0/0shutdown並no shutdown一下,不然ARP CACHE裏面有記錄
R1#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.1.1 - cc00.10ec.0000 ARPA Ethernet0/0
R1#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R1#ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 64/182/376 ms
R1#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 2.2.2.2 0 Incomplete ARPA
Internet 192.168.1.1 - cc00.10ec.0000 ARPA Ethernet0/0
Internet 192.168.1.2 0 cc00.12c4.0000 ARPA Ethernet0/0
附上R2 Ethernet0/0配置
R2#sh run int e0/0
Building configuration...
Current configuration : 97 bytes
!
interface Ethernet0/0
ip address 192.168.1.2 255.255.255.0
no ip proxy-arp 切記!謹慎對待這條命令!
half-duplex
end