[j-nsp] Filtering for the ARP database
Bjørn Skovlund
skovlund at gmail.com
Fri Jun 4 09:00:17 EDT 2010
Hi all,
I have a little issue with some MX-240s running static subscribers and
some DHCP relay. The issue is that our subscribers (delivered in
Q-in-Q) have a tendency to leak out their LAN side to the WAN -
causing situations like this:
bsr at eca1-hoer> show arp no-resolve | grep 192.168.1.1 | count
Count: 379 lines
Since I'm running proxy-arp, this is not very ideal. So I'm looking
for an idea as to how to filter them out. Either by only allowing
entries that are received by DHCP (Dynamic ARP Inspection-style from
the EXs) or simply by filtering out the RFC 1918 entries.
Any idea?
Thanks in advance,
Bjørn