R3166-R3206-HP High-End Firewalls Network Management Configuration Guide-6PW101
Proxy ARP configuration
NOTE:
The firewall supports configuring proxy ARP only in the command line interface (CLI).
Proxy ARP overview
If a host sends an ARP request for the MAC address of another host that actually resides on another
network (although the sending host considers it to be on the same network) or that is isolated from
the sending host at Layer 2, the device in between must be able to respond to the request with the MAC
address of the receiving interface to allow Layer 3 communication between the two hosts. This is
achieved by proxy ARP. Proxy ARP hides the physical details of the network.
Proxy ARP includes common proxy ARP and local proxy ARP, which are described in the following
sections.
NOTE:
The term proxy ARP in the following sections of this chapter refers to common proxy ARP unless otherwise
specified.
Proxy ARP
A proxy ARP enabled device allows hosts that reside on different subnets to communicate.
As shown in Figure 106, Firewall connects to two subnets through GigabitEthernet 0/0 and
GigabitEthernet 0/1. The IP addresses of the two interfaces are 192.168.10.99/24 and
192.168.20.99/24. Host A and Host B have the same prefix 192.168.0.0 assigned and connect to
GigabitEthernet 0/0 and GigabitEthernet 0/1, respectively.
Figure 106 Application environment of proxy ARP
Because Host A considers Host B to be on the same network, it directly sends an ARP request for the
MAC address of Host B. Host B, however, cannot receive this request because it is located in a different
broadcast domain.
You can solve the problem by enabling proxy ARP on Firewall. After that, Firewall can reply to the ARP
request from Host A with the MAC address of GigabitEthernet 0/0, and forward packets sent from Host
A to Host B. In this case, Firewall acts as a proxy for Host B.
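The following Python sketch models the reply decision described above. It is an added illustration, not part of the HP documentation or the firewall's implementation. The interface addresses come from the text; the host addresses, the /16 host masks and the MAC addresses are constructed, and only directly connected subnets are considered.

```python
import ipaddress

# Interface addresses are from the text. MACs (RFC 7042 documentation range),
# host addresses and the /16 host masks are constructed for this example.
INTERFACES = {
    "GigabitEthernet0/0": (ipaddress.ip_interface("192.168.10.99/24"), "00:00:5e:00:53:00"),
    "GigabitEthernet0/1": (ipaddress.ip_interface("192.168.20.99/24"), "00:00:5e:00:53:01"),
}
HOST_A = ipaddress.ip_interface("192.168.10.100/16")
HOST_B = ipaddress.ip_interface("192.168.20.200/16")


def host_arps_directly(src, dst):
    """True if the host believes dst is on-link and ARPs for it instead of a gateway."""
    return ipaddress.ip_address(dst) in src.network


def proxy_arp_reply(in_if, target, proxy_arp_enabled):
    """Return the MAC the firewall answers with, or None if it stays silent."""
    target = ipaddress.ip_address(target)
    rx_ip, rx_mac = INTERFACES[in_if]
    if target == rx_ip.ip:
        return rx_mac                      # ordinary ARP for the firewall itself
    if not proxy_arp_enabled or target in rx_ip.network:
        return None                        # disabled, or target answers on its own segment
    for name, (ip, _mac) in INTERFACES.items():
        if name != in_if and target in ip.network:
            return rx_mac                  # reply with the receiving interface's MAC
    return None                            # no connected subnet holds the target


def arp_cache_after(src, in_if, targets, proxy_arp_enabled):
    """ARP entries the host would learn from the firewall for the given targets."""
    cache = {}
    for t in targets:
        if host_arps_directly(src, t):
            mac = proxy_arp_reply(in_if, t, proxy_arp_enabled)
            if mac:
                cache[str(t)] = mac
    return cache


if __name__ == "__main__":
    targets = [HOST_B.ip, "192.168.20.201", "192.168.10.50"]
    # With proxy ARP on, every off-segment IP maps to the same firewall MAC.
    print(arp_cache_after(HOST_A, "GigabitEthernet0/0", targets, True))
    print(arp_cache_after(HOST_A, "GigabitEthernet0/0", targets, False))
```

Several IP addresses resolving to one MAC in a host's ARP cache is the expected footprint of proxy ARP, so record it as a baseline before treating that pattern as ARP spoofing.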
A main advantage of proxy ARP is that it is added on a single device without disturbing routing tables
of other devices in the network. Proxy ARP acts as the gateway for IP hosts that are not configured with
a default gateway or do not have routing capability.