F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Configuration Guide-6PW100

Configuring proxy ARP
Proxy ARP can be configured only at the CLI.
Overview
Proxy ARP enables a device on a network to answer ARP requests for an IP address not on that network.
With proxy ARP, hosts on different broadcast domains can communicate with each other as they do on
the same network.
Proxy ARP includes common proxy ARP and local proxy ARP.
• Common proxy ARP—Allows communication between hosts that connect to different Layer-3
  interfaces and reside in different broadcast domains.
• Local proxy ARP—Allows communication between hosts that connect to the same Layer-3 interface
  and reside in different broadcast domains.
Common proxy ARP
A proxy ARP enabled device allows hosts that reside on different subnets to communicate.
As shown in Figure 170, Firewall connects to two subnets through GigabitEthernet 0/1 and
GigabitEthernet 0/2. The IP addresses of the two interfaces are 192.168.10.99/24 and
192.168.20.99/24. Host A and Host B are assigned the same prefix 192.168.0.0. Host A connects to
GigabitEthernet 0/1 and Host B connects to GigabitEthernet 0/2.
Figure 170 Application environment of proxy ARP
Because Host A and Host B have the same prefix 192.168.0.0, Host A assumes that Host B is on the
same network and broadcasts an ARP request for the MAC address of Host B. However, Host B cannot
receive this request because it is in a different broadcast domain.
You can enable proxy ARP on GigabitEthernet 0/1 of the firewall so that the firewall can reply to the ARP
request from Host A with the MAC address of GigabitEthernet 0/1, and forward packets sent from Host
A to Host B. In this case, the firewall acts as a proxy of Host B.
A main advantage of proxy ARP is that you can enable it on a single device without disturbing routing
tables of other devices in the network. Proxy ARP acts as the gateway for hosts that are not configured
with a default gateway or do not have routing capability.
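
The following Python model is an added example, not part of the HP guide or the firewall's implementation. It reproduces the Figure 170 decision: whether Host A sends an ARP request for Host B directly, and whether the firewall answers it with the MAC address of the receiving interface. The host addresses, the /16 host mask, the MAC addresses and all function names are assumptions made for the example.

```python
import ipaddress

# Interface IPs come from the guide; MACs (RFC 7042 documentation range),
# host addresses and the /16 host mask are constructed for this example.
INTERFACES = {
    "GigabitEthernet0/1": {"ip": "192.168.10.99/24", "mac": "00:00:5e:00:53:01", "proxy_arp": True},
    "GigabitEthernet0/2": {"ip": "192.168.20.99/24", "mac": "00:00:5e:00:53:02", "proxy_arp": False},
}
HOST_A = ipaddress.ip_interface("192.168.10.100/16")  # assumed address of Host A
HOST_B = ipaddress.ip_address("192.168.20.200")       # assumed address of Host B


def host_arps_directly(src_if, dst):
    """A host sends an ARP request for dst itself only if dst looks on-link."""
    return dst in src_if.network


def proxy_arp_reply(ingress, target, interfaces=INTERFACES):
    """Return the MAC the firewall answers with, or None if it stays silent."""
    port = interfaces[ingress]
    if not port["proxy_arp"]:
        return None  # proxy ARP not enabled on the receiving interface
    if target in ipaddress.ip_interface(port["ip"]).network:
        return None  # target is on the ingress subnet; the real owner answers
    for name, other in interfaces.items():
        if name != ingress and target in ipaddress.ip_interface(other["ip"]).network:
            return port["mac"]  # reachable via another interface: answer as proxy
    return None  # no connected subnet holds the target


def host_a_arp_cache(peers, ingress="GigabitEthernet0/1"):
    """ARP cache Host A ends up with: every proxied peer maps to the firewall MAC."""
    cache = {}
    for peer in peers:
        mac = proxy_arp_reply(ingress, peer) if host_arps_directly(HOST_A, peer) else None
        if mac:
            cache[str(peer)] = mac
    return cache


if __name__ == "__main__":
    print(host_a_arp_cache([HOST_B, ipaddress.ip_address("192.168.20.201")]))
```

In Host A's ARP cache, every host behind GigabitEthernet 0/2 resolves to the same firewall MAC address, so ARP monitoring on that segment should treat this one-MAC-to-many-IPs pattern as expected for the proxy interface.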
Local proxy ARP
As shown in Figure 171, Host A and Host B belong to VLAN 2, but are isolated at Layer 2. Host A
connects to GigabitEthernet 0/3 while Host B connects to GigabitEthernet 0/1. Enable local proxy ARP
on Firewall to allow Layer 3 communication between the two hosts.