Table of Contents
Advertisement
The following figure shows a network that can use either local proxy ARP or MAC-forced
forwarding—the examples in both the following sections refer to this network.
Local proxy ARP
In a network configuration like the previous figure, each
edge switch uses private VLANs to stop clients from talking
directly to each other. Private VLANs stop the edge switch
from flooding broadcast traffic, including clients' ARP
requests. Instead, the switch sends ARP requests out its
uplink port to the access router.
If local proxy ARP is configured on the access router, then the access router responds to
ARP requests with its own MAC address, instead of the destination device's MAC address.
This combination of private VLANs and local proxy ARP forces the clients to send all their
traffic to the access router. When the access router sees traffic from a client, it checks a list
of filters to determine whether to forward the traffic or drop it.
On each client residential gateway, you need to enable tagged VLANs on the connection to
the edge switch for the VLANs that the client should be able to access.
Create A Secure Network With Allied Telesis Managed Layer 3 Switches
Access
Router
Edge
Switch 1
49
50
Edge
Switch 3
49
50
Edge
Switch 2
Internet
24
5
20
1 2
LACP
Residential
1 2
Gateway 1
15
50
Residential
Gateway 2
49
14
15
Residential
Gateway 3
Management
PC
SIP and Multicast
server
Products
All switches listed on page 2
Software Versions
2.9.1 or later
Protecting the user
Client 1
Client 2
Client 3
macff.eps
20
- Quick Links:
- Using Private Vlans
Hide quick links:
Advertisement
Table of Contents
