[c-nsp] Layer 2 question

Mike Johnson harbor235 at gmail.com
Tue Jul 29 14:41:06 EDT 2008


Mikael,

Nice feature, I did not know about that. However, is that feature only for
the 6500 or do other Catalyst lines use it as well?

-Mike


On 7/29/08, Mikael Abrahamsson <swmike at swm.pp.se> wrote:
>
> On Tue, 29 Jul 2008, Mike Johnson wrote:
>
>> Proxy arp would be performed on a layer3 interface, the frames will never
>> get there because of the layer 2 switch.
>> Also, a layer3 device will not proxy-arp for hosts requiring arp
>> information
>> on the same segment, different segments is another story.
>>
>
> Local-proxy-arp will do proxy-arp for everything, including within the IP
> subnet. This will force all customers to have the upstream L3 unit in their
> ARP tables for all hosts within the subnet.
>
> It's used in conjunction with forced-forwarding of packets to the uplink
> ports of L2 switches as part of a total security scheme to avoid customers
> being able to do man in the middle attacks on L2 segments. It should work in
> your scenario as well.
>
> --
> Mikael Abrahamsson    email: swmike at swm.pp.se
>
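
A host-side check for the behaviour described in the quoted reply, added here as an example and not part of the original messages: with local-proxy-arp and forced forwarding in place, every on-subnet neighbor should resolve to the upstream L3 unit's MAC, so any other MAC in the ARP table points to a direct L2 path or a spoofed reply. The `ip neigh show` sample, the addresses and the function name `audit_neighbors` are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of Linux `ip neigh show` output on a customer host.
# All addresses and MACs are made up (documentation ranges).
SAMPLE_NEIGH = """\
192.0.2.1 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE
192.0.2.20 dev eth0 lladdr 00:00:5e:00:53:01 STALE
192.0.2.30 dev eth0 lladdr 00:00:5E:00:53:01 REACHABLE
192.0.2.40 dev eth0 lladdr 00:00:5e:00:53:aa STALE
192.0.2.50 dev eth0  FAILED
198.51.100.7 dev eth1 lladdr 00:00:5e:00:53:bb REACHABLE
"""

# Only entries that carry a resolved link-layer address are of interest.
NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+\S+\s+lladdr\s+(?P<mac>[0-9a-fA-F:]{17})\s"
)


def audit_neighbors(neigh_text, subnet, gateway_ip):
    """Return (gateway_mac, violations) for neighbors inside `subnet`.

    violations maps each on-subnet IP to its MAC when that MAC is not the
    gateway's, i.e. the host resolved a peer directly instead of via the
    upstream L3 unit (hypothetical helper, not a Cisco or Linux tool).
    """
    net = ipaddress.ip_network(subnet)
    entries = {}
    for line in neigh_text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if not m:
            continue  # unresolved (FAILED/INCOMPLETE) or unrelated line
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue
        if ip in net:  # off-subnet and other-family addresses are skipped
            entries[str(ip)] = m["mac"].lower()
    gw_mac = entries.get(gateway_ip)
    if gw_mac is None:
        raise ValueError("gateway has no resolved ARP entry; cannot audit")
    violations = {ip: mac for ip, mac in entries.items() if mac != gw_mac}
    return gw_mac, violations


if __name__ == "__main__":
    print(audit_neighbors(SAMPLE_NEIGH, "192.0.2.0/24", "192.0.2.1"))
```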

