Re: Local Proxy ARP

From: Cisco Net (network.cisco@gmail.com)
Date: Thu Nov 04 2004 - 14:46:40 GMT-3

By the way how do you enable local proxy -arp on the interfaces/vlan ?
is it ip proxy-arp
Cert

On Thu, 4 Nov 2004 20:11:09 +0300, Daniel Ginsburg <dginsburg@gmail.com> wrote:
> Well, I used them together once.
>
> In a small office there're 3550 switch, few workstations and few Cisco
> 7940 phones. Phones are attached to the switch and workstations are
> attached to phones' PC ports. Data VLAN is 20, voice VLAN is 30. It is
> required to disallow workstations to talk to each other but allow
> voice packets to flow between phones.
>
> Protected ports feature works per port not per port/vlan. When ports
> are protected workstations don't talk to each other as required, but
> voip doesn't work. Whan ports are unprotected voip works ok, but
> workstation can communicate. To work it around and enable phones to
> talk to each other while preventing workstation to communicate local
> proxy arp can be used on the voice vlan. No local proxy arp an data
> vlan though.
>
> On Thu, 4 Nov 2004 16:50:36 -0000, Weidong Xiao
>
>
> <weidong.xiao@active24.co.uk> wrote:
> > Say on a 3550, port fa0/11 and fa0/22 are both access ports of vlan 100, in
> > protected mode. By default Local Proxy ARP is disabled on vlan 100, and
> > servers off fa0/11 and fa0/22 can not talk to each other.
> >
> > If Local Proxy ARP is enabled on vlan 100, then servers off fa0/11 and fa0/22
> > can talk to each other.
> >
> > Is there any point to use both features at the same time on same vlan?
> >
> > Thanks,
> >
> > --
> > Weidong
> >
> >
> >
> >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> > > Daniel Ginsburg
> > > Sent: 04 November 2004 16:32
> > > To: Sheahan, John
> > > Cc: Richard Dumoulin; ccielab@groupstudy.com
> > > Subject: Re: Local Proxy ARP
> > >
> > >
> > > http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/1212
> > > 0ea2/3550scg/swtrafc.htm#wp1158863
> > >
> > > Basicaly protected port are used to prevent ports in the same VLAN to
> > > talk to each other. Higher end switches have so called private vlans
> > > which are more powerful and allow to restrict communication of same
> > > vlan ports on different switches.
> > >
> > > On Thu, 4 Nov 2004 11:12:55 -0500, Sheahan, John
> > > <john.sheahan@priceline.com> wrote:
> > > > I guess I'm not familiar with "protected mode" on switch
> > > ports...does this have to do with 802.1X?
> > > >
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: nobody@groupstudy.com
> > > [mailto:nobody@groupstudy.com]On Behalf Of
> > > > Daniel Ginsburg
> > > > Sent: Thursday, November 04, 2004 11:02 AM
> > > > To: Richard Dumoulin
> > > > Cc: ccielab@groupstudy.com
> > > > Subject: Re: Local Proxy ARP
> > > >
> > > > Local proxy arp feature responds to arp requests of *local*
> > > IP addresses.
> > > > Example:
> > > > HostA and HostB are in the same VLAN, their ports are set
> > > to protected
> > > > mode. They won't be able to communicate with each other
> > > directly since
> > > > ARP won't go through. To enable them to communicate through
> > > the router
> > > > local proxy arp feature could be enabled on the appropriate
> > > interface
> > > > of the router.
> > > >
> > > > On Thu, 4 Nov 2004 15:46:02 -0000, Richard Dumoulin
> > > > <richard.dumoulin@vanco.fr> wrote:
> > > > > I can't see the difference between Proxy ARP and Local Proxy ARP
> > > > >
> > http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_command_refe
> > > > rence_chapter09186a008017d169.html
> > > >
> > <http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_command_ref
> > > > erence_chapter09186a008017d169.html>
> > > >
> > > > Could anyone help ?
> > > >
> > > > Thanks
> > > > --Richard
> > > >
> > > > **********************************************************************
> > > > Any opinions expressed in the email are those of the individual and not
> > necessarily the company. This email and any files transmitted with it are
> > confidential and solely for the use of the intended recipient. If you are
> > not the intended recipient or the person responsible for delivering it to the
> > intended recipient, be advised that you have received this email in error and
> > that any dissemination, distribution, copying or use is strictly prohibited.
> > > >
> > > > If you have received this email in error, or if you are concerned with
> > the content of this email please e-mail to: e-security.support@vanco.info
> > > >
> > > > The contents of an attachment to this e-mail may contain software viruses
> > which could damage your own computer system. While the sender has taken every
> > reasonable precaution to minimise this risk, we cannot accept liability for
> > any damage which you sustain as a result of software viruses. You should
> > carry out your own virus checks before opening any attachments to this
> > e-mail.
> > > > **********************************************************************
> > > >
> > > > _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > > >
> > >
> > > --
> > > dg
> > >
> > > _______________________________________________________________________
> > >
> > >
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> >
> > --
> > dg
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
>
>
> --
>
>
> dg
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

This archive was generated by hypermail 2.1.4 : Thu Dec 02 2004 - 06:57:38 GMT-3