Technical Documentation

Downloads
Example: Configuring Proxy ARP on an EX Series Switch

Related Topics
Configuring Proxy ARP (CLI Procedure)
Understanding Proxy ARP on EX Series Switches

Example: Configuring Proxy ARP on an EX Series Switch

You can configure proxy Address Resolution Protocol (ARP) on your EX Series switch to enable the switch to respond to ARP queries for network addresses by offering its own MAC address. With proxy ARP enabled, the switch captures and routes traffic to the intended destination.

This example shows how to configure proxy ARP on an access switch:

Requirements

This example uses the following hardware and software components:

JUNOS Release 10.0 or later for EX Series switches
One EX Series switch

Overview and Topology

This example shows the configuration of proxy ARP on an interface of an EX Series switch using restricted mode. In restricted mode, the switch does not proxy for hosts on the same subnet.

The topology for this example consists of one EX Series switch. When a host wants to communicate with a host that is not already in its ARP table, it broadcasts an ARP request for the MAC address of the destination host:

When proxy ARP is not enabled, a host that shares the same IP address replies directly to the ARP request, providing its MAC address, and future transmissions are sent directly to the destination host MAC address.
When proxy ARP is enabled, the switch responds to ARP requests, providing the switch’s MAC address—even when the destination IP address is the same as the source IP address. Thus, communications must be sent through the switch and then routed through the switch to the appropriate destination.

This example includes disabling interfaces from responding to gratuitous ARP requests.

Best Practice: We recommend that you disable gratuitous ARP requests on each interface on which proxy ARP is enabled. A gratuitous ARP request is an ARP request packet where the source and destination IP addresses are both set to the IP address of the host issuing the packet and the destination MAC is the broadcast address. Ordinarily, no reply packet will be sent. If gratuitous ARP requests are not disabled on the interfaces, the response of the switch to a gratuitous ARP request will appear to the host to indicate an IP conflict.

Configuration

To configure proxy ARP, perform the following tasks:

CLI Quick Configuration

To quickly configure proxy ARP, copy the following commands and paste them into the switch terminal window:

[edit]
set interfaces
                              ge-0/0/3 unit 0 proxy-arp restricted
set interfaces ge-0/0/3 no-gratuitous-arp-request

Step-by-Step Procedure

To configure proxy ARP:

Configure one interface for proxy ARP:

[edit interfaces] user@switch# set ge-0/0/3 unit 0 proxy-arp restricted
Disable gratuitous ARP requests on the interface:

[edit interfaces] user@switch# set ge-0/0/3 no-gratuitous-arp-request

Results

Display the results of the configuration:


                        
                           user@switch> show configuration 
                           
                           
                              
                                 interfaces {
                                 
                                    
                                       ge-0/0/3 {
                                       no-gratuitous-arp-request;
                                       
                                          
                                             unit 0 {
                                             proxy-arp restricted;
                                             family ethernet-switching;
                                             }
                                          
                                       
                                       }

Verification

To verify that the switch is sending proxy ARP messages, perform these tasks:

Verifying That the Switch Is Sending Proxy ARP Messages

Verifying That the Switch Is Sending Proxy ARP Messages

Purpose

Verify that the switch is sending proxy ARP messages.

Action

List the system statistics for ARP messages:

user@switch> show system statistics arp

arp:
        198319 datagrams received
        45 ARP requests received
        12 ARP replies received
        2 resolution requests received
        2 unrestricted proxy requests
        0 restricted proxy requests
        0 received proxy requests
        0 proxy requests not proxied
        0 restricted-proxy requests not proxied
        0 with bogus interface
        0 with incorrect length
        0 for non-IP protocol
        0 with unsupported op code
        0 with bad protocol address length
        0 with bad hardware address length
        0 with multicast source address
        0 with multicast target address
        0 with my own hardware address
        168705 for an address not on the interface
        0 with a broadcast source address
        0 with source address duplicate to mine
        29555 which were not for me
        0 packets discarded waiting for resolution
        4 packets sent after waiting for resolution
        27 ARP requests sent
        47 ARP replies sent
        0 requests for memory denied
        0 requests dropped on entry
        0 requests dropped during retry
        0 requests dropped due to interface deletion
        0 requests on unnumbered interfaces
        0 new requests on unnumbered interfaces
        0 replies for from unnumbered interfaces
        0 requests on unnumbered interface with non-subnetted donor
        0 replies from unnumbered interface with non-subnetted donor

Meaning

The statistics show that two proxy ARP requests were received and proxy requests not proxied indicates that all the unproxied ARP requests received have been proxied by the switch.