- play_arrow Understanding Layer 2 Networking
- play_arrow Configuring MAC Addresses
- play_arrow Configuring MAC Learning
- play_arrow Configuring MAC Accounting
- play_arrow Configuring MAC Notification
- play_arrow Configuring MAC Table Aging
- play_arrow Configuring Learning and Forwarding
- play_arrow Configuring Bridging and VLANs
- play_arrow Configuring 802.1Q VLANs
- 802.1Q VLANs Overview
- 802.1Q VLAN IDs and Ethernet Interface Types
- Configuring Dynamic 802.1Q VLANs
- Enabling VLAN Tagging
- Configuring Tagged Interface with multiple tagged vlans and native vlan
- Sending Untagged Traffic Without VLAN ID to Remote End
- Configuring Tag Protocol IDs (TPIDs) on QFX Series Switches
- Configuring Flexible VLAN Tagging on PTX Series Packet Transport Routers
- Configuring an MPLS-Based VLAN CCC with Pop, Push, and Swap and Control Passthrough
- Binding VLAN IDs to Logical Interfaces
- Associating VLAN IDs to VLAN Demux Interfaces
- Configuring VLAN and Extended VLAN Encapsulation
- Configuring a Layer 2 VPN Routing Instance on a VLAN-Bundled Logical Interface
- Example: Configuring a Layer 2 VPN Routing Instance on a VLAN-Bundled Logical Interface
- Specifying the Interface Over Which VPN Traffic Travels to the CE Router
- Configuring Access Mode on a Logical Interface
- Configuring a Logical Interface for Trunk Mode
- Configuring the VLAN ID List for a Trunk Interface
- Configuring a Trunk Interface on a Bridge Network
- Configuring a VLAN-Bundled Logical Interface to Support a Layer 2 VPN Routing Instance
- Configuring a VLAN-Bundled Logical Interface to Support a Layer 2 VPN Routing Instance
- Configuring a Layer 2 Circuit on a VLAN-Bundled Logical Interface
- Example: Configuring a Layer 2 Circuit on a VLAN-Bundled Logical Interface
- Guidelines for Configuring VLAN ID List-Bundled Logical Interfaces That Connect CCCs
- Specifying the Interface to Handle Traffic for a CCC
- Specifying the Interface to Handle Traffic for a CCC Connected to the Layer 2 Circuit
- play_arrow Configuring Static ARP Table Entries
- play_arrow Configuring Gratuitous ARP
- play_arrow Adjusting the ARP Aging Timer
- play_arrow Configuring Tagged VLANs
- play_arrow Stacking and Rewriting Gigabit Ethernet VLAN Tags
- Stacking and Rewriting Gigabit Ethernet VLAN Tags Overview
- Stacking and Rewriting Gigabit Ethernet VLAN Tags
- Configuring Frames with Particular TPIDs to Be Processed as Tagged Frames
- Configuring Tag Protocol IDs (TPIDs) on PTX Series Packet Transport Routers
- Configuring Stacked VLAN Tagging
- Configuring Dual VLAN Tags
- Configuring Inner and Outer TPIDs and VLAN IDs
- Stacking a VLAN Tag
- Stacking Two VLAN Tags
- Removing a VLAN Tag
- Removing the Outer and Inner VLAN Tags
- Removing the Outer VLAN Tag and Rewriting the Inner VLAN Tag
- Rewriting the VLAN Tag on Tagged Frames
- Rewriting a VLAN Tag on Untagged Frames
- Rewriting a VLAN Tag and Adding a New Tag
- Rewriting the Inner and Outer VLAN Tags
- Examples: Stacking and Rewriting Gigabit Ethernet IQ VLAN Tags
- Understanding Transparent Tag Operations and IEEE 802.1p Inheritance
- Understanding swap-by-poppush
- Configuring IEEE 802.1p Inheritance push and swap from the Transparent Tag
- play_arrow Configuring Private VLANs
- Private VLANs
- Understanding Private VLANs
- Bridge Domains Setup in PVLANs on MX Series Routers
- Bridging Functions With PVLANs
- Flow of Frames on PVLAN Ports Overview
- Guidelines for Configuring PVLANs on MX Series Routers
- Configuring PVLANs on MX Series Routers in Enhanced LAN Mode
- Example: Configuring PVLANs with Secondary VLAN Trunk Ports and Promiscuous Access Ports on a QFX Series Switch
- IRB Interfaces in Private VLANs on MX Series Routers
- Guidelines for Configuring IRB Interfaces in PVLANs on MX Series Routers
- Forwarding of Packets Using IRB Interfaces in PVLANs
- Configuring IRB Interfaces in PVLAN Bridge Domains on MX Series Routers in Enhanced LAN Mode
- Example: Configuring an IRB Interface in a Private VLAN on a Single MX Series Router
- play_arrow Configuring Layer 2 Bridging Interfaces
- play_arrow Configuring Layer 2 Virtual Switch Instances
- play_arrow Configuring Link Layer Discovery Protocol
- play_arrow Configuring Layer 2 Protocol Tunneling
- play_arrow Configuring Virtual Routing Instances
- play_arrow Configuring Layer 3 Logical Interfaces
- play_arrow Configuring Routed VLAN Interfaces
- play_arrow Configuring Integrated Routing and Bridging
- play_arrow Configuring VLANS and VPLS Routing Instances
- play_arrow Configuring Multiple VLAN Registration Protocol (MVRP)
- play_arrow Configuring Ethernet Ring Protection Switching
- play_arrow Configuring Q-in-Q Tunneling and VLAN Translation
- play_arrow Configuring Redundant Trunk Groups
- play_arrow Configuring Proxy ARP
- play_arrow Configuring Layer 2 Interfaces on Security Devices
- play_arrow Configuring Security Zones and Security Policies on Security Devices
- play_arrow Configuring Ethernet Port Switching Modes on Security Devices
- play_arrow Configuring Ethernet Port VLANs in Switching Mode on Security Devices
- play_arrow Configuring Secure Wire on Security Devices
- play_arrow Configuring Reflective Relay on Switches
- play_arrow Configuring Edge Virtual Bridging
- play_arrow Troubleshooting Ethernet Switching
- play_arrow Configuration Statements and Operational Commands
Restricted and Unrestricted Proxy ARP Overview
By default, the Junos OS responds to an Address Resolution Protocol (ARP) request only if the destination address of the ARP request is local to the incoming interface.
For Ethernet Interfaces, you can configure the router or switches to proxy-reply to the ARP requests using the restricted or unrestricted proxy ARP configuration.
You might want to configure restricted or unrestricted proxy ARP for routers that act as provider edge (PE) devices in Ethernet Layer 2 LAN switching domains.
From Junos OS Release 10.0 onward, Junos OS does not respond to proxy ARP requests with the default route 0.0.0.0. This behavior is in compliance with RFC 1027.
Restricted Proxy ARP
Restricted proxy ARP enables the router or switch to respond to the ARP requests in which the physical networks of the source and target are not the same and the router or switch has an active route to the target address in the ARP request. The router does not reply if the target address is on the same subnet and the same interface as the ARP requestor.
Unrestricted Proxy ARP
Unrestricted proxy ARP enables the router or switch to respond to any ARP request, on condition that the router has an active route to the destination address of the ARP request. The route is not limited to the incoming interface of the request, nor is it required to be a direct route.
If you configure unrestricted proxy ARP, the proxy router replies to ARP requests for the target IP address on the same interface as the incoming ARP request. This behavior is appropriate for cable modem termination system (CMTS) environments, but might cause Layer 2 reachability problems if you enable unrestricted proxy ARP in other environments.
When an IP client broadcasts the ARP request across the Ethernet wire, the end node with the correct IP address responds to the ARP request and provides the correct MAC address. If the unrestricted proxy ARP feature is enabled, the router response is redundant and might fool the IP client into determining that the destination MAC address within its own subnet is the same as the address of the router.
While the destination address can be remote, the source address of the ARP request must be on the same subnet as the interface upon which the ARP request is received. For security reasons, this rule applies to both unrestricted and restricted proxy ARP.
Topology Considerations for Unrestricted Proxy ARP
In most situations, you should not configure the router or switch to perform unrestricted proxy ARP. Do so only for special situations, such as when cable modems are used. Figure 1 and Figure 2 show examples of situations in which you might want to configure unrestricted proxy ARP.
In Figure 1, the edge device is not running any IP protocols. In this case, you configure the core router to perform unrestricted proxy ARP. The edge device is the client of the proxy.
In Figure 2, the Broadband Remote Access Server (B-RAS) routers are not running any IP protocols. In this case, you configure unrestricted proxy ARP on the B-RAS interfaces. This allows the core device to behave as though it is directly connected to the end users.
