- play_arrow Understanding Layer 2 Networking
- play_arrow Configuring MAC Addresses
- play_arrow Configuring MAC Learning
- play_arrow Configuring MAC Accounting
- play_arrow Configuring MAC Notification
- play_arrow Configuring MAC Table Aging
- play_arrow Configuring Learning and Forwarding
- play_arrow Configuring Bridging and VLANs
- play_arrow Configuring 802.1Q VLANs
- 802.1Q VLANs Overview
- 802.1Q VLAN IDs and Ethernet Interface Types
- Configuring Dynamic 802.1Q VLANs
- Enabling VLAN Tagging
- Configuring Tagged Interface with multiple tagged vlans and native vlan
- Sending Untagged Traffic Without VLAN ID to Remote End
- Configuring Tag Protocol IDs (TPIDs) on QFX Series Switches
- Configuring Flexible VLAN Tagging on PTX Series Packet Transport Routers
- Configuring an MPLS-Based VLAN CCC with Pop, Push, and Swap and Control Passthrough
- Binding VLAN IDs to Logical Interfaces
- Associating VLAN IDs to VLAN Demux Interfaces
- Configuring VLAN and Extended VLAN Encapsulation
- Configuring a Layer 2 VPN Routing Instance on a VLAN-Bundled Logical Interface
- Example: Configuring a Layer 2 VPN Routing Instance on a VLAN-Bundled Logical Interface
- Specifying the Interface Over Which VPN Traffic Travels to the CE Router
- Configuring Access Mode on a Logical Interface
- Configuring a Logical Interface for Trunk Mode
- Configuring the VLAN ID List for a Trunk Interface
- Configuring a Trunk Interface on a Bridge Network
- Configuring a VLAN-Bundled Logical Interface to Support a Layer 2 VPN Routing Instance
- Configuring a VLAN-Bundled Logical Interface to Support a Layer 2 VPN Routing Instance
- Configuring a Layer 2 Circuit on a VLAN-Bundled Logical Interface
- Example: Configuring a Layer 2 Circuit on a VLAN-Bundled Logical Interface
- Guidelines for Configuring VLAN ID List-Bundled Logical Interfaces That Connect CCCs
- Specifying the Interface to Handle Traffic for a CCC
- Specifying the Interface to Handle Traffic for a CCC Connected to the Layer 2 Circuit
- play_arrow Configuring Static ARP Table Entries
- play_arrow Configuring Restricted and Unrestricted Proxy ARP
- play_arrow Configuring Gratuitous ARP
- play_arrow Adjusting the ARP Aging Timer
- play_arrow Configuring Tagged VLANs
- play_arrow Stacking and Rewriting Gigabit Ethernet VLAN Tags
- Stacking and Rewriting Gigabit Ethernet VLAN Tags Overview
- Stacking and Rewriting Gigabit Ethernet VLAN Tags
- Configuring Frames with Particular TPIDs to Be Processed as Tagged Frames
- Configuring Tag Protocol IDs (TPIDs) on PTX Series Packet Transport Routers
- Configuring Stacked VLAN Tagging
- Configuring Dual VLAN Tags
- Configuring Inner and Outer TPIDs and VLAN IDs
- Stacking a VLAN Tag
- Stacking Two VLAN Tags
- Removing a VLAN Tag
- Removing the Outer and Inner VLAN Tags
- Removing the Outer VLAN Tag and Rewriting the Inner VLAN Tag
- Rewriting the VLAN Tag on Tagged Frames
- Rewriting a VLAN Tag on Untagged Frames
- Rewriting a VLAN Tag and Adding a New Tag
- Rewriting the Inner and Outer VLAN Tags
- Examples: Stacking and Rewriting Gigabit Ethernet IQ VLAN Tags
- Understanding Transparent Tag Operations and IEEE 802.1p Inheritance
- Understanding swap-by-poppush
- Configuring IEEE 802.1p Inheritance push and swap from the Transparent Tag
- play_arrow Configuring Private VLANs
- Private VLANs
- Understanding Private VLANs
- Bridge Domains Setup in PVLANs on MX Series Routers
- Bridging Functions With PVLANs
- Flow of Frames on PVLAN Ports Overview
- Guidelines for Configuring PVLANs on MX Series Routers
- Configuring PVLANs on MX Series Routers in Enhanced LAN Mode
- Example: Configuring PVLANs with Secondary VLAN Trunk Ports and Promiscuous Access Ports on a QFX Series Switch
- IRB Interfaces in Private VLANs on MX Series Routers
- Guidelines for Configuring IRB Interfaces in PVLANs on MX Series Routers
- Forwarding of Packets Using IRB Interfaces in PVLANs
- Configuring IRB Interfaces in PVLAN Bridge Domains on MX Series Routers in Enhanced LAN Mode
- Example: Configuring an IRB Interface in a Private VLAN on a Single MX Series Router
- play_arrow Configuring Layer 2 Bridging Interfaces
- play_arrow Configuring Layer 2 Virtual Switch Instances
- play_arrow Configuring Link Layer Discovery Protocol
- play_arrow Configuring Layer 2 Protocol Tunneling
- play_arrow Configuring Virtual Routing Instances
- play_arrow Configuring Layer 3 Logical Interfaces
- play_arrow Configuring Routed VLAN Interfaces
- play_arrow Configuring Integrated Routing and Bridging
- play_arrow Configuring VLANS and VPLS Routing Instances
- play_arrow Configuring Multiple VLAN Registration Protocol (MVRP)
- play_arrow Configuring Ethernet Ring Protection Switching
- play_arrow Configuring Q-in-Q Tunneling and VLAN Translation
- play_arrow Configuring Redundant Trunk Groups
- play_arrow Configuring Layer 2 Interfaces on Security Devices
- play_arrow Configuring Security Zones and Security Policies on Security Devices
- play_arrow Configuring Ethernet Port Switching Modes on Security Devices
- play_arrow Configuring Ethernet Port VLANs in Switching Mode on Security Devices
- play_arrow Configuring Secure Wire on Security Devices
- play_arrow Configuring Reflective Relay on Switches
- play_arrow Configuring Edge Virtual Bridging
- play_arrow Troubleshooting Ethernet Switching
- play_arrow Configuration Statements and Operational Commands
Proxy ARP
Understanding Proxy ARP
You can configure proxy Address Resolution Protocol (ARP) to enable the switch to respond to ARP queries for network addresses by offering its own Ethernet media access control (MAC) address. With proxy ARP enabled, the switch captures and routes traffic to the intended destination.
Proxy ARP is useful in situations where hosts are on different physical networks and you do not want to use subnet masking. Because ARP broadcasts are not propagated between hosts on different physical networks, hosts will not receive a response to their ARP request if the destination is on a different subnet. Enabling the switch to act as an ARP proxy allows the hosts to transparently communicate with each other through the switch. Proxy ARP can help hosts on a subnet reach remote subnets without your having to configure routing or a default gateway.
Benefits of Using Proxy ARP
Enables the switch to respond to ARP queries for network addresses by offering its own Ethernet media access control (MAC) address.
Enables the switch to act as an ARP proxy allows the hosts to transparently communicate with each other through the switch.
Helps hosts on a subnet reach remote subnets without your having to configure routing or a default gateway.
What Is ARP?
Ethernet LANs use ARP to map Ethernet MAC addresses to IP addresses. Each device maintains a cache containing a mapping of MAC addresses to IP addresses. The switch maintains this mapping in a cache that it consults when forwarding packets to network devices. If the ARP cache does not contain an entry for the destination device, the host (the DHCP client) broadcasts an ARP request for that device's address and stores the response in the cache.
Proxy ARP Overview
When proxy ARP is enabled, if the switch receives an ARP request for which it has a route to the target (destination) IP address, the switch responds by sending a proxy ARP reply packet containing its own MAC address. The host that sent the ARP request then sends its packets to the switch, which forwards them to the intended host.
For security reasons, the source address in an ARP request must be on the same subnet as the interface on which the ARP request is received.
You can configure proxy ARP for each interface. You can also configure proxy ARP for an integrated routing and bridging (IRB) interface named irb or a routed VLAN interface (RVI) named vlan. (On EX Series switches that use Juniper Networks Junos operating system (Junos OS) with support for the Enhanced Layer 2 Software (ELS) configuration style, the feature is known as an IRB interface. On EX Series switches that use Junos OS that does not support ELS, the feature is known as an RVI.)
Two modes of proxy ARP are supported: restricted and unrestricted. Both modes require that the switch have an active route to the destination address of the ARP request.
Restricted—The switch responds to ARP requests in which the physical networks of the source and target are different and does not respond if the source and target IP addresses are on the same subnet. In this mode, hosts on the same subnet communicate without proxy ARP. We recommend that you use this mode on the switch.
Unrestricted—The switch responds to all ARP requests for which it has a route to the destination. This is the default mode (because it is the default mode in Juniper Networks Junos operating system (Junos OS) configurations other than those on the switch). We recommend using restricted mode on the switch.
Best Practices for Proxy ARP
We recommend these best practices for configuring proxy ARP on the switches:
Set proxy ARP to restricted mode.
Use restricted mode when configuring proxy ARP on RVIs or IRB interfaces.
If you set proxy ARP to unrestricted, disable gratuitous ARP requests on each interface enabled for proxy ARP.
Configuring Proxy ARP on Devices with ELS Support
This task uses Junos OS for EX Series switches and QFX3500 and QFX3600 switches with support for the Enhanced Layer 2 Software (ELS) configuration style.If your switch runs software that does not support ELS, see Configuring Proxy ARP on Switches or Configuring Proxy ARP. For ELS details, see Using the Enhanced Layer 2 Software CLI.
You can configure proxy Address Resolution Protocol (ARP) on your switch to enable the switch to respond to ARP queries for network addresses by offering its own media access control (MAC) address. With proxy ARP enabled, the switch captures and routes traffic to the intended destination.
To configure proxy ARP on a single interface:
[edit interfaces] user@switch# set interface-name unit logical-unit-number proxy-arp (restricted | unrestricted)
We recommend that you configure proxy ARP in restricted mode. In restricted mode, the switch does not act as a proxy if the source and target IP addresses are on the same subnet. If you decide to use unrestricted mode, disable gratuitous ARP requests on the interface to avoid a situation wherein the switch’s response to a gratuitous ARP request appears to the host to be an indication of an IP conflict.
To configure proxy ARP on an integrated routing and bridging (IRB) interface:
[edit interfaces] user@switch# set irb.logical-unit-number proxy-arp restricted
Configuring Proxy ARP on Switches
This task uses Junos OS for EX Series switches that does not support the Enhanced Layer 2 Software (ELS) configuration style. If your switch runs software that supports ELS, see Configuring Proxy ARP on Devices with ELS Support. For ELS details, see Using the Enhanced Layer 2 Software CLI.
You can configure proxy Address Resolution Protocol (ARP) on your EX Series switch to enable the switch to respond to ARP queries for network addresses by offering its own media access control (MAC) address. With proxy ARP enabled, the switch captures and routes traffic to the intended destination.
To configure proxy ARP on a single interface:
[edit interfaces] user@switch# set ge-0/0/3 unit 0 proxy-arp restricted
We recommend that you configure proxy ARP in restricted mode. In restricted mode, the switch is not a proxy if the source and target IP addresses are on the same subnet. If you use unrestricted mode, disable gratuitous ARP requests on the interface to avoid the situation of the switch’s response to a gratuitous ARP request appearing to the host to be an indication of an IP conflict:
To configure proxy ARP on a routed VLAN interface (RVI):
[edit interfaces] user@switch# set vlan unit 100 proxy-arp restricted
See Also
Configuring Proxy ARP
You can configure proxy Address Resolution Protocol (ARP) to enable the switch to respond to ARP queries for network addresses by offering its own media access control (MAC) address. With proxy ARP enabled, the switch captures and routes traffic to the intended destination.
To configure proxy ARP on a single interface:
[edit interfaces] user@switch# set xe-0/0/3 unit 0 proxy-arp restricted
We recommend that you configure proxy ARP in restricted mode. In restricted mode, the switch is not a proxy if the source and target IP addresses are on the same subnet. If you use unrestricted mode, disable gratuitous ARP requests on the interface to avoid the situation of the switch’s response to a gratuitous ARP request appearing to the host to be an indication of an IP conflict:
To configure proxy ARP on a routed VLAN interface (RVI):
[edit interfaces] user@switch# set vlan unit 100 proxy-arp restricted
See Also
Verifying That Proxy ARP Is Working Correctly
Purpose
Verify that the switch is sending proxy ARP messages.
Action
List the system statistics for ARP:
user@switch> show system statistics arp
arp:
90060 datagrams received
34 ARP requests received
610 ARP replies received
2 resolution request received
0 unrestricted proxy requests
0 restricted proxy requests
0 received proxy requests
0 unrestricted proxy requests not proxied
0 restricted proxy requests not proxied
0 datagrams with bogus interface
0 datagrams with incorrect length
0 datagrams for non-IP protocol
0 datagrams with unsupported op code
0 datagrams with bad protocol address length
0 datagrams with bad hardware address length
0 datagrams with multicast source address
0 datagrams with multicast target address
0 datagrams with my own hardware address
0 datagrams for an address not on the interface
0 datagrams with a broadcast source address
294 datagrams with source address duplicate to mine
89113 datagrams which were not for me
0 packets discarded waiting for resolution
0 packets sent after waiting for resolution
309 ARP requests sent
35 ARP replies sent
0 requests for memory denied
0 requests dropped on entry
0 requests dropped during retry
0 requests dropped due to interface deletion
0 requests on unnumbered interfaces
0 new requests on unnumbered interfaces
0 replies for from unnumbered interfaces
0 requests on unnumbered interface with non-subnetted donor
0 replies from unnumbered interface with non-subnetted donor
Meaning
The statistics show that two proxy ARP requests were
received. The unrestricted proxy requests not proxied and restricted proxy requests not proxied fields indicate that
all the unproxied ARP requests received have been proxied by the switch.
