[c-nsp] Layer 2 question

Mikael Abrahamsson swmike at swm.pp.se
Tue Jul 29 14:17:07 EDT 2008


On Tue, 29 Jul 2008, Mike Johnson wrote:

> Proxy arp would be performed on a layer3 interface, the frames will never
> get there because of the layer 2 switch.
> Also, a layer3 device will not proxy-arp for hosts requiring arp information
> on the same segment, different segments is another story.

Local-proxy-arp will do proxy-arp for everything, including within the 
IP subnet. This will force all customers to have the upstream L3 unit in 
their ARP tables for all hosts within the subnet.

It's used in conjunction with forced-forwarding of packets to the uplink 
ports of L2 switches as part of a total security scheme to avoid customers 
being able to do man in the middle attacks on L2 segments. It should work 
in your scenario as well.

-- 
Mikael Abrahamsson    email: swmike at swm.pp.se
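
Added example, not part of the original post: a check, run against a customer host's neighbor table, that the behaviour described above holds, i.e. every in-subnet ARP entry resolves to the upstream L3 unit's MAC. The `ip neigh` sample, the addresses and the function name are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: `ip neigh` output from a customer host in 192.0.2.0/24.
SAMPLE_NEIGH = """\
192.0.2.1 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE
192.0.2.20 dev eth0 lladdr 00:00:5e:00:53:01 STALE
192.0.2.37 dev eth0 lladdr 00:00:5e:00:53:aa REACHABLE
192.0.2.40 dev eth0  FAILED
198.51.100.9 dev eth1 lladdr 00:00:5e:00:53:bb REACHABLE
"""

# Entries without a resolved MAC (FAILED/INCOMPLETE) do not match and are skipped.
NEIGH_RE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9a-fA-F:]{17})\b")


def audit_neighbors(neigh_text, subnet, gateway_ip):
    """Return (gateway_mac, violations).

    With local-proxy-arp on the upstream L3 unit and forced forwarding on the
    L2 switches, every neighbor inside `subnet` should carry the gateway's MAC.
    A violation is an in-subnet entry with any other MAC: either isolation is
    not in effect on that path, or something else answered the ARP request.
    """
    net = ipaddress.ip_network(subnet)
    gw = ipaddress.ip_address(gateway_ip)
    in_subnet = {}
    for line in neigh_text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if not m:
            continue
        ip = ipaddress.ip_address(m.group(1))
        if ip.version == net.version and ip in net:
            in_subnet[ip] = m.group(2).lower()
    gw_mac = in_subnet.get(gw)
    if gw_mac is None:
        raise ValueError("gateway has no resolved entry in the neighbor table")
    violations = sorted(
        (str(ip), mac) for ip, mac in in_subnet.items() if mac != gw_mac
    )
    return gw_mac, violations


if __name__ == "__main__":
    gw_mac, bad = audit_neighbors(SAMPLE_NEIGH, "192.0.2.0/24", "192.0.2.1")
    print("gateway MAC:", gw_mac)
    for ip, mac in bad:
        print(f"in-subnet host {ip} resolved to {mac}, not the gateway")
```
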

