Configuring Proxy ARP

277 0 1 0

Configuration Procedure

Perform the following configuration tasks in any sequence.

Configuring Routed Proxy ARP

Context

When an enterprise network is divided into subnets, two subnets may belong to the same network segment but different physical networks. These two subnets are connected by a switch but cannot communicate with each other. To allow data packets destined for other subnets to be sent to the gateway and subsequently forwarded to the destination, you can modify the routing information about the hosts on the network. However, to implement this solution, you must configure routes for all hosts on the subnets, which is time consuming. Deploying routed proxy ARP on the gateway effectively solves this problem.

Routed proxy ARP allows communication between hosts whose IP addresses belong to the same network segment but different physical networks. In addition, the default gateway does not need to be configured on the hosts, facilitating management and maintenance.

Figure 3-15 shows an example of routed proxy ARP networking. In the figure:

  • The Switch connects to two subnets through IF1 and IF2.
  • The IP addresses of IF1 and IF2 belong to different network segments.
  • The IP address of Host_1 in subnet 1 belongs to the same network segment as the IF1 IP address.
  • The IP address of Host_2 in subnet 2 belongs to the same network segment as the IF2 IP address
  • The IP address of Host_1 in subnet 1 belongs to the same network segment as that of Host_2.
  • The default gateway is not configured on Host_1 and Host_2.

To enable the hosts in subnets 1 and 2 to communicate with each other, configure routed proxy ARP on the Switch.

Figure 3-15  Networking diagram of routed proxy ARP 
imgDownload?uuid=37d378eefc004bd2a007400

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The interface view is displayed.

  3. (Optional) On an Ethernet interface, run undo portswitch

    The interface is switched to Layer 3 mode.

    By default, an Ethernet interface works in Layer 2 mode.imgDownload?uuid=0efad33b4d6641529e96a50 NOTE:

    Only the S5720HI, S5720EI, S6720EI, and S6720S-EI support switching between Layer 2 and Layer 3 modes.

  4. Run ip address ip-address { mask | mask-length }

    An IP address is configured for the interface.

    The interface IP address must reside on the same network segment as the IP addresses of the hosts connected to the interface.

  5. Run arp-proxy enable

    Routed proxy ARP is enabled on the interface.

    By default, routed proxy ARP is disabled on an interface.

    After routed proxy ARP is enabled on the device, the aging time of ARP entries on hosts must be reduced. This ensures that invalid ARP entries are aged as soon as possible, reducing the number of packets that are sent to, and cannot be forwarded by the Switch.

Verifying the Configuration

Run the display this command in the interface view to verify whether routed proxy ARP is enabled on the interface.

Configuring Intra-VLAN Proxy ARP

Context

Users in the same VLAN cannot communicate with each other when port isolation is configured in the VLAN. Configure intra-VLAN proxy ARP on the interfaces associated with the VLAN to enable Layer 3 communication among users.

Figure 3-16 shows an example of a network running intra-VLAN proxy ARP. Host_1 and Host_2 belong to the same VLAN, but port isolation is configured between IF1 and IF2 that connect the Switch to Host_1 and Host_2. Configure intra-VLAN proxy ARP on the Switch so that Host_1 and Host_2 can communicate with each other.

Figure 3-16  Networking diagram of intra-VLAN proxy ARP 
imgDownload?uuid=2b6d2dc2163a4b3f9b5beef

In Figure 3-16Host_1 and Host_2 belong to the same VLAN, but port isolation is configured between IF1 and IF2. Configure intra-VLAN proxy ARP on the Switch so that Host_1 and Host_2 can communicate with each other.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The interface view is displayed.

  3. Run arp-proxy inner-sub-vlan-proxy enable

    Intra-VLAN proxy ARP is enabled.

    By default, intra-VLAN proxy ARP is disabled.

Verifying the Configuration

Run the display this command in the interface view to verify whether intra-VLAN proxy ARP is enabled.

Configuring Inter-VLAN Proxy ARP

Context

To implement Layer 3 communication among users on the same network segment but in different VLANs, enable inter-VLAN proxy ARP on the interface associated with the VLANs.

Figure 3-17 shows a network using inter-VLAN proxy ARP.

Figure 3-17  Networking diagram of inter-VLAN proxy ARP 
imgDownload?uuid=5efe0207621d4c96b0d3129

In Figure 3-17, Host_1 and Host_2 belong to the same network segment but different VLANs. Inter-VLAN proxy ARP is enabled on the Switch so that Host_1 and Host_2 can communicate with each other.

You can also configure VLANIF interfaces to implement Layer 3 communication among users in different VLANs. For details, see Configuring Inter-VLAN Communication in "VLAN Configuration" in the S1720, S2700, S5700, and S6720 V200R011C10 Configuration Guide - Ethernet Switching.

imgDownload?uuid=0efad33b4d6641529e96a50 NOTE:

Only the S5720SI, S5720S-SI, S5720EI, S5720HI, S5730SI, S5730S-EI, S6720SI, S6720S-SI, S6720EI, and S6720S-EI support the inter-VLAN proxy ARP.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The interface view is displayed.

  3. Run arp-proxy inter-sub-vlan-proxy enable

    Inter-VLAN proxy ARP is enabled.

    By default, inter-VLAN proxy ARP is disabled.

Verifying the Configuration

Run the display this command in the interface view to verify whether inter-VLAN proxy ARP is enabled.


  • x
  • convention:

Reply

Reply
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

Login and enjoy all the member benefits

Login
Fast reply Scroll to top