PLANET XGS3-24042 User Manual

Chapter 26 ARP Local Proxy Configuration

26.1 Introduction to ARP Local Proxy function

In a real application environment, the switches in the aggregation layer are required to implement the local ARP proxy function to avoid ARP cheating (ARP spoofing). This function restricts the forwarding of ARP messages within the same VLAN and thus directs the data flow through the switch for L3 forwarding.

[Figure: example topology; the addresses shown are 192.168.1.1, 192.168.1.100 and 192.168.1.200]

As shown in the figure above, PC1 wants to send an IP message to PC2. The overall procedure is as follows (some non-ARP details are ignored):

1. Since PC1 does not have an ARP entry for PC2, it broadcasts an ARP request.
2. On receiving the ARP message, the switch hardware sends the ARP request to the CPU instead of forwarding it in hardware, according to the new ARP handling rules.
3. With local ARP proxy enabled, the switch sends an ARP reply to PC1, filling in its own MAC address.
4. After receiving the ARP reply, PC1 creates the ARP entry and sends an IP message, setting the destination MAC of the Ethernet header to the MAC of the switch.
5. After receiving the IP message, the switch searches the routing table (to create a route cache) and distributes hardware entries.
6. If the switch has an ARP entry for PC2, it directly encapsulates the Ethernet header and sends the message (the destination MAC is that of PC2).
7. If the switch does not have an ARP entry for PC2, it requests it and then sends the IP message.

This function should be used together with other security functions. When users configure local ARP proxy on an aggregation switch and configure the interface isolation function on the layer-2 switch connected to it, all IP flow is forwarded on layer 3 via the aggregation switch. Because of the interface isolation, ARP messages are not forwarded within the VLAN, which means other PCs will not receive them.
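A check that follows from the behaviour described above, as an added example that is not part of the PLANET manual: with local ARP proxy and interface isolation in place, a host should only see ARP replies whose sender MAC is the switch's, so any other sender indicates that ARP is still being forwarded inside the VLAN. The MAC addresses, and the assignment of 192.168.1.100 and 192.168.1.200 to PC1 and PC2, are assumptions made for the constructed sample capture.

```python
import struct

SWITCH_MAC = "02:00:00:00:00:01"  # assumed MAC of the switch's VLAN interface
PC1_MAC = "02:00:00:00:00:aa"     # assumed MAC of PC1

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(payload):
    """Parse an Ethernet/IPv4 ARP payload; return None for anything else."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", payload[8:28])
    dotted = lambda b: ".".join(str(x) for x in b)
    return {"op": op, "sha": mac_str(sha), "spa": dotted(spa),
            "tha": mac_str(tha), "tpa": dotted(tpa)}

def audit_replies(payloads, switch_mac=SWITCH_MAC):
    """List (sender_ip, sender_mac) of ARP replies that the switch did not send."""
    findings = []
    for p in payloads:
        arp = parse_arp(p)
        if arp and arp["op"] == 2 and arp["sha"] != switch_mac.lower():
            findings.append((arp["spa"], arp["sha"]))
    return findings

def build_arp(op, sha, spa, tha, tpa):
    """Build an ARP payload for the constructed sample capture."""
    mac = lambda m: bytes(int(x, 16) for x in m.split(":"))
    ip = lambda i: bytes(int(x) for x in i.split("."))
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                       mac(sha), ip(spa), mac(tha), ip(tpa))

# Constructed capture taken on PC1 (assumed to be 192.168.1.100).
SAMPLE = [
    # PC1 broadcasts a request for PC2 (assumed to be 192.168.1.200).
    build_arp(1, PC1_MAC, "192.168.1.100", "00:00:00:00:00:00", "192.168.1.200"),
    # Expected: the switch answers on PC2's behalf with its own MAC.
    build_arp(2, SWITCH_MAC, "192.168.1.200", PC1_MAC, "192.168.1.100"),
    # Unexpected: another station answers directly inside the VLAN.
    build_arp(2, "02:00:00:00:00:bb", "192.168.1.200", PC1_MAC, "192.168.1.100"),
]

if __name__ == "__main__":
    for ip, mac in audit_replies(SAMPLE):
        print(f"ARP reply for {ip} came from {mac}, not from the switch")
```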
