Table of Contents
Advertisement
Local ARP Overview
6.12 Local ARP Discard
6.12.1 Local ARP Overview
In certain configurations, an upstream router is configured to support Local ARP Proxy, which works as follows:
One subscriber will send an ARP for another subscriber's device over its VLAN.
•
The Router intercepts the ARP and replies on behalf of the second subscriber with the Router's MAC
•
address.
As a result, the first subscriber sends traffic to the second subscriber through the Router. (The Router can then
provide security policies, accounting, law enforcement monitoring, etc.)
In some cases, however, the second device is on the same interface/VLAN as the first subscriber (the same res-
idence), and the Router views both addresses.
This assumes a Bridge, rather than a Routing Gateway, is being used at the residence.
Note:
In this case, the ARP request would go to both the Router and the other device at the same residence. Both the
Router and the other residence device would reply, and the first device could end up sending traffic within the
same residence through the Router.
A solution to this problem is to have the SBx3112 learn the subscriber's IP addresses. These addresses can be
manually provisioned or learned using DHCP. By doing this, the SBx3112 can check the IP address, and if the
target IP address is on the same VLAN/interface, the packet is discarded.
The following figure provides a functional overview of the Local ARP Discard feature.
This scenario can exist in both a residence and business LAN configuration.
Note:
Software Reference for SwitchBlade x3100 Series Switches (Access and Security)
Introduction
6-161
Advertisement
Chapters
Table of Contents
Troubleshooting
