Table of Contents
Advertisement
Chapter 25 ARP Local Proxy Configuration
25.1 Introduction to ARP Local Proxy function
In a real application environment, the switches in the aggregation layer are required to implement local ARP
proxy function to avoid A RP cheating. This function will restrict the forwarding of ARP messages in the same
vlan and thus direct the L3 forwarding of the data flow through the switch.
As shown in the figure above, PC1 wants to send an IP message to PC2, the overall procedure goes as
follows (some non-arp details are ignored)
1. Since PC1 does not have the ARP of PC2, it sends and broadc asts ARP request.
2. Receiving the ARP message, the switch hardware will send the ARP request to CPU instead of
forwarding this message via hardware, according to new ARP handling rules.
3. With local ARP proxy enabled, the switch will send ARP reply message to PC1 (to fill up its mac address)
4. After rec eiving the ARP reply, PC1 will create ARP, send an IP message, and set the destination MA C of
the Ethernet head as the MAC of the switch.
5. After receiving the ip message, the switch will searc h the router table (to create rout er cache) and
distribute hardware entries.
6. If the switch has the ARP of PC2, it will directly encapsulate the Ethernet head and send the message
(the destination MA C is that of PC2)
7. If the s witch does not have the A RP of PC2, it will request it and then send the ip message.
This function should cooperate wit h other security functions. When users configure local A RP proxy on an
aggregation s witch while configuring interface isolation function on the layer-2 switch connected to it, all ip
flow will be forwarded on layer 3 via the aggregation switch. And due to the interface isolation, ARP messages
will not be forwarded within the vlan, which means other PCs will not receive it.
192.168.1.100
25-1
192.168.1.1
192.168.1.200
Advertisement
Table of Contents
Troubleshooting
