SNR S2989G-48TX-RPS — настройка локального ARP прокси на коммутаторах агрегации [190/553]

Превью страниц Страница 190 / 553

S2989G-24TX Operation Manual

Chapter 3 IP services Configuration

3-28

192.168.1.1

In a real application environment, the switches in the aggregation layer are required

to implement local ARP proxy function to avoid ARP cheating. This function will restrict the

forwarding of ARP messages in the same vlan and thus direct the L3 forwarding of the

data flow through the switch.

PC1

192.168.1.100

PC2

192.168.1.200

As shown in the figure above, PC1 wants to send an IP message to PC2, the overall

procedure goes as follows (some non-arp details are ignored)

1. Since PC1 does not have the ARP of PC2, it sends and broadcasts ARP request.

2. Receiving the ARP message, the switch hardware will send the ARP request to

CPU instead of forwarding this message via hardware, according to new ARP handling

rules.

3. With local ARP proxy enabled, the switch will send ARP reply message to PC1 (to

fill up its mac address)

4. After receiving the ARP reply, PC1 will create ARP, send an IP message, and set

the destination MAC of the Ethernet head as the MAC of the switch.

5. After receiving the ip message, the switch will search the router table (to create

router cache) and distribute hardware entries.

6. If the switch has the ARP of PC2, it will directly encapsulate the Ethernet head and

send the message (the destination MAC is that of PC2)

7. If the switch does not have the ARP of PC2, it will request it and then send the ip

message.

This function should cooperate with other security functions. When users configure

local ARP proxy on an aggregation switch while configuring interface isolation function on

the layer-2 switch connected to it, all ip flow will be forwarded on layer 3 via the

aggregation switch. And due to the interface isolation, ARP messages will not be

forwarded within the vlan, which means other PCs will not receive it.