Proxy ARP and Local Proxy ARP
Overview
Proxy ARP (RFC 1027) is a technique by which a device on a given network answers ARP queries for a network address that is not on that network. The proxy knows the location of the traffic's destination and offers its own MAC address as the destination. The proxy then typically routes the captured traffic to the intended destination via another interface. Proxy ARP can help machines on a subnet reach remote subnets without the need to configure routing or a default gateway.
Proxy ARP is disabled by default. Use no ip proxy-arp to disable it after it has been enabled.
Topology
Sample topology
Configuration
Host A
 
#configure terminal
Enter configure mode
(config)#interface xe1
Enter interface mode
(config-if)#ip address 20.20.0.2/24
Assign an IPv4 address to the interface
(config-if)#end
Exit interface and configure mode
Host B
 
#configure terminal
Enter configure mode
(config)#interface xe1
Enter interface mode
(config-if)#ip address 20.20.1.2/24
Assign an IPv4 address to the interface
(config-if)#end
Exit interface and configure mode
Proxy ARP Server
 
#configure terminal
Enter configure mode
(config)#interface xe1
Enter interface mode
(config-if)#ip address 20.20.0.1/24
Assign an IPv4 address to the interface
(config-if)#ip proxy-arp
Enable proxy ARP
(config-if)#exit
Exit interface mode
(config)#interface xe2
Enter interface mode
(config-if)#ip address 20.20.1.1/24
Assign an IPv4 address to the interface
(config-if)#end
Exit interface and configure mode
Validation
#show running-config arp
!
interface xe1
 ip proxy-arp
!
The show arp command on a host shows the ARP table entries used to reach different subnets. Ping Host B from Host A. Host A's ARP table should then list the MAC address of the router's xe1 interface as the entry used to reach Host B. Execute the following command on Host A.
#show arp
 
Address         HWaddress            Interface   Type
20.20.0.2       52:54:00:24:43:23    eth1        Dynamic
192.168.52.1    fe:54:00:0d:1e:dc    eth0        Dynamic
Local Proxy ARP Overview
The local proxy ARP feature enables local proxy support for ARP requests at the interface level. The router answers all ARP requests on the configured subnet, even for clients that should not normally need routing. Local proxy ARP means that the traffic comes in and goes out the same interface.
Local proxy ARP lets the router respond to ARP requests for IP addresses within a subnet where normally no routing is required. With the local proxy ARP feature enabled, the router responds to all ARP requests for IP addresses within the subnet and forwards all traffic between hosts in the subnet. Use this feature only on subnets where hosts are intentionally prevented from communicating directly.
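The reply decisions described in the Proxy ARP and Local Proxy ARP overviews, modelled as an added example (not OcNOS code). It assumes the router knows only its directly connected subnets; Interface, arp_reply_reason, PAGE_ROUTER and LOCAL_ROUTER are hypothetical names, and the addresses are the ones used in this page's configurations.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_interface


@dataclass
class Interface:
    name: str
    address: str                   # interface address with prefix, e.g. "20.20.0.1/24"
    proxy_arp: bool = False        # models "ip proxy-arp"
    local_proxy_arp: bool = False  # models "ip local-proxy-arp"

    @property
    def network(self):
        return ip_interface(self.address).network

    @property
    def ip(self):
        return ip_interface(self.address).ip


def arp_reply_reason(interfaces, ingress_name, target_ip):
    """Why the router answers an ARP request for target_ip received on
    ingress_name, or None if it stays silent."""
    target = ip_address(target_ip)
    ingress = next(i for i in interfaces if i.name == ingress_name)
    if target == ingress.ip:
        return "own-address"              # ordinary ARP, no proxying involved
    if target in ingress.network:
        # Same subnet as the asker: only local proxy ARP answers here.
        return "local-proxy-arp" if ingress.local_proxy_arp else None
    if ingress.proxy_arp:
        # Off-subnet target: answer only if it is reachable via another interface
        # (assumption: connected subnets stand in for the routing table).
        for other in interfaces:
            if other is not ingress and target in other.network:
                return "proxy-arp"
    return None


# Proxy ARP Server from this page: proxy ARP enabled on xe1 only.
PAGE_ROUTER = [
    Interface("xe1", "20.20.0.1/24", proxy_arp=True),
    Interface("xe2", "20.20.1.1/24"),
]
# Router Local Proxy ARP from this page.
LOCAL_ROUTER = [Interface("xe1", "20.20.0.3/24", local_proxy_arp=True)]

if __name__ == "__main__":
    print(arp_reply_reason(PAGE_ROUTER, "xe1", "20.20.1.2"))
    print(arp_reply_reason(LOCAL_ROUTER, "xe1", "20.20.0.2"))
```

Because the setting is per interface, a request arriving on xe2 for an address behind xe1 gets no proxy reply in this model; that is the scope to check when auditing where the router is allowed to answer on behalf of other hosts.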
Topology
Sample topology
Configuration
Host A
 
#configure terminal
Enter configure mode
(config)#interface xe1
Enter interface mode
(config-if)#ip address 20.20.0.2/24
Assign an IPv4 address to the interface
(config-if)#end
Exit interface and configure mode
Host B
 
#configure terminal
Enter configure mode
(config)#interface xe1
Enter interface mode
(config-if)#ip address 20.20.0.3/24
Assign an IPv4 address to the interface
(config-if)#end
Exit interface and configure mode
Switch Private VLAN
 
#configure terminal
Enter configure mode
(config)#bridge 1 protocol ieee vlan-bridge
Create ieee vlan-bridge on switch for pvlan configuration
(config)#vlan database
Enter VLAN database mode
(config-vlan)#vlan 100-101 bridge 1 state enable
Create VLANs 100 and 101 as part of bridge 1
(config-vlan)#private-vlan 100 primary bridge 1
Configure VLAN 100 as primary VLAN
(config-vlan)#private-vlan 101 isolated bridge 1
Configure VLAN 101 as isolated VLAN
(config-vlan)#private-vlan 100 association add 101 bridge 1
Associate secondary VLAN 101 to primary VLAN 100
(config-vlan)#exit
Exit VLAN database mode
(config)#interface xe1
Enter interface mode
(config-if)#switchport
Configure xe1 as a Layer 2 interface
(config-if)#bridge-group 1
Associate the interface to the bridge
(config-if)#switchport access vlan 100
Associate primary VLAN to the interface
(config-if)#switchport mode private-vlan promiscuous
Make the interface a promiscuous port
(config-if)#switchport private-vlan mapping 100 add 101
Associate primary VLAN 100 and secondary VLAN 101 to a promiscuous port
(config-if)#exit
Exit interface mode
(config)#interface xe2
Enter interface mode
(config-if)#switchport
Make the interface a Layer 2 interface
(config-if)#bridge-group 1
Associate the interface to the bridge
(config-if)#switchport access vlan 100
Associate primary VLAN to the interface
(config-if)#switchport mode private-vlan promiscuous
Make the interface a promiscuous port
(config-if)#switchport private-vlan mapping 100 add 101
Associate primary VLAN 100 and secondary VLAN 101 to a promiscuous port
(config-if)#exit
Exit interface mode
(config)#interface xe3
Enter interface mode
(config-if)#switchport
Make the interface a Layer 2 interface
(config-if)#bridge-group 1
Associate the interface to the bridge
(config-if)#switchport access vlan 100
Associate primary VLAN to the interface
(config-if)#switchport mode private-vlan promiscuous
Make the interface a promiscuous port
(config-if)#switchport private-vlan mapping 100 add 101
Associate primary VLAN 100 and secondary VLAN 101 to a promiscuous port
(config-if)#exit
Exit interface mode
Router Local Proxy ARP
 
#configure terminal
Enter configure mode
(config)#interface xe1
Enter interface mode
(config-if)#ip address 20.20.0.3/24
Assign an IPv4 address to the interface
(config-if)#ip local-proxy-arp
Enable local proxy ARP
(config-if)#end
Exit interface and configure mode
Validation
The show arp command on a host shows the ARP table entries used to reach different subnets. Ping Host B from Host A. Host A's ARP table should then list the MAC address of the router's xe1 interface as the entry used to reach Host B. Execute the following command on Host A.
#show arp
 
Flags: D - Static Adjacencies attached to down interface
 
IP ARP Table for context default
Total number of entries: 2
Address      Age        MAC Address       Interface   State
20.20.0.3    00:02:39   ecf4.bbc0.3d71    xe1         STALE.
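The validation step above, automated as an added example (not part of the original guide): it parses show arp output in the column layout shown here and separates MAC addresses that answer for several IPs into those of a known proxy ARP router and any others, which deserve a look as possible ARP spoofing. The sample table is constructed, and parse_show_arp and audit_shared_macs are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the second "show arp" output on this page;
# every address and MAC except the page's ecf4.bbc0.3d71 row is made up.
SAMPLE = """\
IP ARP Table for context default
Total number of entries: 5
Address Age MAC Address Interface State
20.20.0.1 00:00:12 ecf4.bbc0.3d71 xe1 REACHABLE
20.20.0.3 00:02:39 ecf4.bbc0.3d71 xe1 STALE
20.20.0.4 00:01:05 ecf4.bbc0.3d71 xe1 STALE
20.20.0.9 00:00:40 5254.00aa.bb01 xe1 REACHABLE
20.20.0.10 00:00:41 5254.00aa.bb01 xe1 REACHABLE
"""

# IPv4 address, age, dotted-quad MAC, interface, state (trailing text ignored).
ROW = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+"
    r"((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\S+)\s+(\w+)",
    re.IGNORECASE,
)


def parse_show_arp(text):
    """Return one dict per ARP entry; header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            ip, age, mac, ifname, state = m.groups()
            entries.append({"ip": ip, "age": age, "mac": mac.lower(),
                            "interface": ifname, "state": state})
    return entries


def audit_shared_macs(entries, proxy_macs):
    """Split MACs that answer for more than one IP into (expected, unexpected),
    where expected means the MAC belongs to a known proxy ARP router."""
    known = {m.lower() for m in proxy_macs}
    by_mac = defaultdict(list)
    for e in entries:
        by_mac[e["mac"]].append(e["ip"])
    expected, unexpected = {}, {}
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            (expected if mac in known else unexpected)[mac] = ips
    return expected, unexpected
```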