[j-nsp] Network configuration question / vlan and bridging related

Steinar Torsvik steinar at fasthost.no
Thu Jun 23 19:09:31 EDT 2005


Hi,

Niels Bakker wrote:
> * steinar at fasthost.no (Steinar Torsvik) [Thu 23 Jun 2005, 18:33 CEST]:
> 
>>There are 700 edge ports who all is in one separate vlan. This making 
>>the traffic separated until it reaches the Juniper. The goal here is to 
>>get all client traffic separated so nobody can mess up / hijack ip 
>>addresses and so on.
>>
>>My question is basically, what is the best way to administrate / 
>>distribute the ip addresses in a simple and easy to maintain way.
> 
> 
> Get an ERX with local-proxy-arp and treat 'em all as private VLANs.

This is partly a solution I am hoping for. You say here "get an erx" -
according to http://www.juniper.net/products/junos/105021.html the
functionality is included in the M series router we already have, is
there any reason for you advising another Juniper product?

According to http://www.juniper.net/products/junos/105021.html the
configuration of proxy-arp is quite simple.

I am thinking simple here. As far as I understand, proxy arp works as
long as the router has the address being looked for in its local arp
table or routing table?

Will the following example configuration work out of the box?

unit 0 {
     description default-gateway;
     vlan-id 800;
     family inet {
         address 192.168.0.1/16;
     }
     proxy-arp;
}
unit 1 {
     description client1;
     vlan-id 1000;
     proxy-arp;
}
unit 2 {
     description client2;
     vlan-id 1001;
     proxy-arp;
}

and so on?

Assuming client 1 has got ip address 192.168.0.2/16 and client 2 has got
192.168.0.3/16 - both with default gw 192.168.0.1. Will they both be
able to reach each other and the Internet?

What will happen if client 2 "steals" the ip address of client 1? Is
there any way to prevent this from happening? There must be some kind of
filtering that maybe is updated by a dhcp leases database or something
controlling that the correct ip address is coming from the correct mac
address and / or correct unit/interface.

I believe there is more to it, but I cannot find any configuration
examples or documents advising me. Does anyone have a pointer here where
I can get further information?

-- 
Regards,

Steinar Torsvik
Fasthost AS
Tlf: +47 00 88 50
Mob: +47 99 02 99 88
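
Added example, not part of the original post and not Juniper's own code: the check the post asks about (correct ip address from the correct mac address and unit), written as an offline audit of observed sources against per-VLAN bindings. The VLAN ids and client addresses follow the post; the MAC addresses, the lease rows and all function names are assumptions made up for illustration.

```python
import ipaddress
from typing import NamedTuple

class Binding(NamedTuple):
    ip: ipaddress.IPv4Address
    mac: str

def norm_mac(mac: str) -> str:
    """Lower-case, colon-separated form so formatting differences do not matter."""
    return mac.strip().lower().replace("-", ":")

def load_bindings(rows):
    """rows: (vlan_id, ip, mac) tuples, e.g. exported from a DHCP lease database."""
    return {vlan: Binding(ipaddress.IPv4Address(ip), norm_mac(mac))
            for vlan, ip, mac in rows}

def check(bindings, vlan, src_ip, src_mac) -> str:
    """Classify one observed (vlan, source IP, source MAC) against the bindings."""
    bound = bindings.get(vlan)
    if bound is None:
        return "unknown-vlan"
    ip = ipaddress.IPv4Address(src_ip)
    if ip != bound.ip:
        # Find out whether the claimed address is assigned to another VLAN.
        owner = next((v for v, b in bindings.items() if b.ip == ip), None)
        return f"ip-belongs-to-vlan-{owner}" if owner is not None else "ip-not-assigned"
    if norm_mac(src_mac) != bound.mac:
        return "mac-mismatch"
    return "ok"

def audit(bindings, observations):
    """Return only the observations that violate a binding, with the reason."""
    results = ((obs, check(bindings, *obs)) for obs in observations)
    return [(obs, verdict) for obs, verdict in results if verdict != "ok"]

# Constructed sample data: one binding per client VLAN from the post.
LEASES = [(1000, "192.168.0.2", "02:00:00:00:10:00"),
          (1001, "192.168.0.3", "02:00:00:00:10:01")]
# Constructed observations, e.g. parsed from ARP table entries or flow logs.
OBSERVED = [
    (1000, "192.168.0.2", "02-00-00-00-10-00"),  # client1, legitimate
    (1001, "192.168.0.2", "02:00:00:00:10:01"),  # client2 using client1's address
    (1001, "192.168.0.3", "02:00:00:00:aa:bb"),  # right IP, unexpected MAC
    (1002, "192.168.0.9", "02:00:00:00:10:02"),  # VLAN with no binding
]

if __name__ == "__main__":
    for obs, verdict in audit(load_bindings(LEASES), OBSERVED):
        print(obs, "->", verdict)
```

An audit like this only reports violations after the fact; blocking them requires a filter on the router or switch itself.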


