In my last posts, I've explained ARP, Proxy ARP and Gratuitous ARP, and now it's time to explain Local Proxy ARP.
What is Local-Proxy ARP?
Local Proxy ARP is a resolution process which works within the same IP subnet. It is disabled by default on most network devices and is used in special network scenarios. Local Proxy ARP enables a node (router or switch) to answer ARP requests on behalf of other nodes on the same subnet.
Where do we need Local Proxy-ARP?
– If we have a network with Private VLANs and we want communication between the Private VLANs.
– It is used in FTTH networks where subscribers should not communicate directly, but communication can be possible through the router.
Primarily, it is used when the hosts in a layer 2 network are separated by Private VLANs or some other method but we still want the hosts in the separated VLANs to communicate.
Requirements of Local-Proxy ARP:
– Proxy ARP must be enabled first. (Proxy ARP is enabled by default)
– ICMP Redirect will get disabled automatically when we enable Local Proxy ARP on the interface.
– Layer 3 interface
Imagine a scenario where a layer 2 network is separated by Private VLANs. The Primary VLAN is 100, PC-A and PC-B are in Community VLAN 10, PC-C is in Isolated VLAN 20, and R1 is connected to the Promiscuous port.
All these devices are in 192.168.0.0/24
Secondary Community VLAN 10
PC-A – 192.168.0.1/24
PC-B – 192.168.0.2/24
Note – A community port can send and receive layer 2 data frames to and from any port in the same community and the Promiscuous port
Secondary Isolated VLAN 20
PC-C – 192.168.0.3/24
Note – An isolated port can communicate with the Promiscuous port only
R1 – 192.168.0.254/24
Note – This is the port where the router connects. It can send data frames to both Community and Isolated ports
R1 – The router is connected to the promiscuous port, so it can communicate with all VLANs (Community, Isolated)
Now suppose we want to ping PC-C from PC-A. As the source, PC-A will send an ARP broadcast asking: who is 192.168.0.3? Tell me the MAC address. R1 will hear this ARP broadcast request on its layer 3 interface, but it will stay silent and take no action. R1 never passes an ARP broadcast into a different broadcast domain.
PC-A will never get a response, because PC-C is in a different Private VLAN (but not in a different IP subnet) and the router is not taking any responsibility for getting the request across to PC-C. This is where Local Proxy ARP comes into the picture.
If we enable Local Proxy ARP on R1's interface, then it becomes possible for R1 to take the ARP request on behalf of PC-A and send it to PC-C, but this will not keep the Community VLAN and the Isolated VLAN separate. Local Proxy ARP can be enabled to allow communication between different Private VLANs, but the Private VLANs will lose visibility in this case. The administrator has to enable manual filtering on R1 to decide which traffic is allowed into which VLAN according to the design plan.
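The scenario above as a small Python model, added here as an illustration and not taken from the original post or from any vendor implementation. The MAC addresses, function names and the `allowed_pairs` filter set are assumptions, and the model simplifies by letting the real owner's ARP reply win whenever it can answer directly.

```python
# Constructed model of the page's topology; MAC addresses are made up.
HOSTS = {
    "PC-A": {"ip": "192.168.0.1", "mac": "aa:aa:aa:aa:aa:01", "port": ("community", 10)},
    "PC-B": {"ip": "192.168.0.2", "mac": "aa:aa:aa:aa:aa:02", "port": ("community", 10)},
    "PC-C": {"ip": "192.168.0.3", "mac": "aa:aa:aa:aa:aa:03", "port": ("isolated", 20)},
    "R1": {"ip": "192.168.0.254", "mac": "aa:aa:aa:aa:aa:fe", "port": ("promiscuous", 100)},
}


def l2_reachable(src, dst):
    """Private VLAN rule: may a layer 2 frame go from src's port to dst's port?"""
    (s_type, s_vlan), (d_type, d_vlan) = HOSTS[src]["port"], HOSTS[dst]["port"]
    if "promiscuous" in (s_type, d_type):
        return True  # the promiscuous port talks to every secondary VLAN
    # Only ports of the same community see each other; isolated ports see nobody.
    return s_type == d_type == "community" and s_vlan == d_vlan


def arp_resolve(src, target_ip, local_proxy_arp=False):
    """Return the MAC that src learns for target_ip, or None if nobody answers."""
    for name, host in HOSTS.items():
        if host["ip"] == target_ip and name != src and l2_reachable(src, name):
            return host["mac"]  # the real owner hears the broadcast and replies
    owner_exists = any(h["ip"] == target_ip for h in HOSTS.values())
    if local_proxy_arp and owner_exists and l2_reachable(src, "R1"):
        return HOSTS["R1"]["mac"]  # R1 answers on the owner's behalf with its own MAC
    return None


def r1_forwards(src, dst, local_proxy_arp, allowed_pairs):
    """True if traffic src -> dst passes via R1 and the manual filter permits it."""
    learned = arp_resolve(src, HOSTS[dst]["ip"], local_proxy_arp)
    return learned == HOSTS["R1"]["mac"] and (src, dst) in allowed_pairs


if __name__ == "__main__":
    policy = {("PC-A", "PC-C")}  # hypothetical filter: only PC-A may reach PC-C
    print("PC-A -> PC-B:", arp_resolve("PC-A", "192.168.0.2"))
    print("PC-A -> PC-C, feature off:", arp_resolve("PC-A", "192.168.0.3"))
    print("PC-A -> PC-C, feature on:", arp_resolve("PC-A", "192.168.0.3", True))
    print("PC-B -> PC-C allowed by filter:", r1_forwards("PC-B", "PC-C", True, policy))
```

Once the feature is on, every host behind a secondary VLAN can resolve every other host through R1, so the filter set on R1 is the only remaining separation between them.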
The configuration of Local-Proxy ARP on Cisco Router IOS:
R1(config)# interface <if-name>
R1(config-if)# ip local-proxy-arp
To verify whether Local Proxy ARP is enabled on the interface, use the following command:
R1# show ip interface <if-name>