[j-nsp] DHCP relaying/snooping and proxy-arp on MX-240

Kari Asheim ka at mork.no
Thu Oct 22 18:02:56 EDT 2009


On Thu, Oct 22, 2009 at 04:51:39PM +0200, Bjørn Skovlund wrote:
> 
> Secondly, we assign customers in /23 networks and have proxy-arp on,
> so they can talk to each other. Problem is if a customer has more than
> one computer online (bridging), he needs to go over his WAN link and
> around the MX in order to talk between his two computers, as the MX is
> proxying the ARPs. Is there any way to disable arp-proxying towards
> the unit where the arp in question has been learned from?

Maybe this can help you:

Restricted proxy ARP — The switch does not respond to an ARP request
if the physical networks of the source and target of the ARP request
are the same. It does not matter whether the destination host has the
same IP address as the incoming interface or a different (remote) IP
address. An ARP request for a broadcast address elicits no reply.

documented here:

http://www.juniper.net/techpubs/en_US/junos9.6/topics/concept/ex-series-security-overview.html

I could not find MX-doc, but the command seems to be there in 9.6:

ka@mx480# set interfaces ge-0/0/0 unit 611 proxy-arp restr?
Possible completions:
  restricted           Enable restricted proxy ARP on the interface


Kari

