Re: Local Proxy ARP

From: Daniel Ginsburg (dginsburg@gmail.com)
Date: Thu Nov 04 2004 - 14:11:09 GMT-3

• Next message: Cisco Net: "Re: Local Proxy ARP"
• Previous message: ccie@rivancitadel.com: "RE: Commercial SSH"
• Maybe in reply to: Richard Dumoulin: "Local Proxy ARP"
• Next in thread: Cisco Net: "Re: Local Proxy ARP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Well, I used them together once.

In a small office there're 3550 switch, few workstations and few Cisco
7940 phones. Phones are attached to the switch and workstations are
attached to phones' PC ports. Data VLAN is 20, voice VLAN is 30. It is
required to disallow workstations to talk to each other but allow
voice packets to flow between phones.

Protected ports feature works per port not per port/vlan. When ports
are protected workstations don't talk to each other as required, but
voip doesn't work. Whan ports are unprotected voip works ok, but
workstation can communicate. To work it around and enable phones to
talk to each other while preventing workstation to communicate local
proxy arp can be used on the voice vlan. No local proxy arp an data
vlan though.

On Thu, 4 Nov 2004 16:50:36 -0000, Weidong Xiao
<weidong.xiao@active24.co.uk> wrote:
> Say on a 3550, port fa0/11 and fa0/22 are both access ports of vlan 100, in
> protected mode. By default Local Proxy ARP is disabled on vlan 100, and
> servers off fa0/11 and fa0/22 can not talk to each other.
>
> If Local Proxy ARP is enabled on vlan 100, then servers off fa0/11 and fa0/22
> can talk to each other.
>
> Is there any point to use both features at the same time on same vlan?
>
> Thanks,
>
> --
> Weidong
>
>
>
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> > Daniel Ginsburg
> > Sent: 04 November 2004 16:32
> > To: Sheahan, John
> > Cc: Richard Dumoulin; ccielab@groupstudy.com
> > Subject: Re: Local Proxy ARP
> >
> >
> > http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/1212
> > 0ea2/3550scg/swtrafc.htm#wp1158863
> >
> > Basicaly protected port are used to prevent ports in the same VLAN to
> > talk to each other. Higher end switches have so called private vlans
> > which are more powerful and allow to restrict communication of same
> > vlan ports on different switches.
> >
> > On Thu, 4 Nov 2004 11:12:55 -0500, Sheahan, John
> > <john.sheahan@priceline.com> wrote:
> > > I guess I'm not familiar with "protected mode" on switch
> > ports...does this have to do with 802.1X?
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com
> > [mailto:nobody@groupstudy.com]On Behalf Of
> > > Daniel Ginsburg
> > > Sent: Thursday, November 04, 2004 11:02 AM
> > > To: Richard Dumoulin
> > > Cc: ccielab@groupstudy.com
> > > Subject: Re: Local Proxy ARP
> > >
> > > Local proxy arp feature responds to arp requests of *local*
> > IP addresses.
> > > Example:
> > > HostA and HostB are in the same VLAN, their ports are set
> > to protected
> > > mode. They won't be able to communicate with each other
> > directly since
> > > ARP won't go through. To enable them to communicate through
> > the router
> > > local proxy arp feature could be enabled on the appropriate
> > interface
> > > of the router.
> > >
> > > On Thu, 4 Nov 2004 15:46:02 -0000, Richard Dumoulin
> > > <richard.dumoulin@vanco.fr> wrote:
> > > > I can't see the difference between Proxy ARP and Local Proxy ARP
> > > >
> http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_command_refe
> > > rence_chapter09186a008017d169.html
> > >
> <http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_command_ref
> > > erence_chapter09186a008017d169.html>
> > >
> > > Could anyone help ?
> > >
> > > Thanks
> > > --Richard
> > >
> > > **********************************************************************
> > > Any opinions expressed in the email are those of the individual and not
> necessarily the company. This email and any files transmitted with it are
> confidential and solely for the use of the intended recipient. If you are
> not the intended recipient or the person responsible for delivering it to the
> intended recipient, be advised that you have received this email in error and
> that any dissemination, distribution, copying or use is strictly prohibited.
> > >
> > > If you have received this email in error, or if you are concerned with
> the content of this email please e-mail to: e-security.support@vanco.info
> > >
> > > The contents of an attachment to this e-mail may contain software viruses
> which could damage your own computer system. While the sender has taken every
> reasonable precaution to minimise this risk, we cannot accept liability for
> any damage which you sustain as a result of software viruses. You should
> carry out your own virus checks before opening any attachments to this
> e-mail.
> > > **********************************************************************
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> >
> > --
> > dg
> >
> > _______________________________________________________________________
> >
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
>
> --
> dg
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>

-- 
dg

• Next message: Cisco Net: "Re: Local Proxy ARP"
• Previous message: ccie@rivancitadel.com: "RE: Commercial SSH"
• Maybe in reply to: Richard Dumoulin: "Local Proxy ARP"
• Next in thread: Cisco Net: "Re: Local Proxy ARP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Dec 02 2004 - 06:57:38 GMT-3