Recently, while trying to enable proxy ARP on an interface, I noticed the presence of the interface subcommand ‘ip local-proxy-arp’. I was a little puzzled, and the googling I did didn’t help me get a better understanding of the concept. Bewildered, I turned to my favorite network forum, networking-forum.com, and asked if someone could help out with an explanation…
Vito was able to sum up the feature nicely for me. Local proxy ARP just implies that it’s a proxy ARP that occurs on the same interface. That is, the traffic comes in, and goes out of the same interface. Let’s look at a quick example so you can see my point…
So here we have a basic private-VLAN configuration. Router1 is a promiscuous device that all of the machines in the isolated VLAN need to talk to. In normal circumstances, this would work as you expect. That is, all three servers could talk to the router, but not to each other. However, if we turn on the ‘ip local-proxy-arp’ command on router1’s southbound interface, things change…
Enter configuration commands, one per line. End with CNTL/Z.
Now, let’s try communicating from server to server…
Sending 5, 100-byte ICMP Echos to 192.168.0.30, timeout is 2 seconds:
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/1/1 ms
Looking at the ARP table on the server, we can now see that it has an ARP entry for one of the other isolated servers (192.168.0.30) with the same layer 2 destination as that of router1.
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.0.10            3   0018.19f3.86fa  ARPA   FastEthernet0/0
Internet  192.168.0.30            0   0018.19f3.86fa  ARPA   FastEthernet0/0
Internet  192.168.0.20            -   0013.19d7.6990  ARPA   FastEthernet0/0
So as you can see, the local version of the proxy ARP command allows proxy ARP to work in and out of the same interface.
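The ARP table above is also the easiest place to notice that local proxy ARP is in effect on a segment that is supposed to be isolated. The following is an added example, not part of the original post: it parses `show ip arp` output and lists neighbors that resolve to the gateway's MAC address. It assumes router1 is 192.168.0.10, which the post implies but does not state, and the function names are hypothetical.

```python
import re

# ARP table as shown in the post (columns realigned).
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.0.10            3   0018.19f3.86fa  ARPA   FastEthernet0/0
Internet  192.168.0.30            0   0018.19f3.86fa  ARPA   FastEthernet0/0
Internet  192.168.0.20            -   0013.19d7.6990  ARPA   FastEthernet0/0
"""

# One resolved row of `show ip arp`. Age "-" marks the device's own address;
# rows without a dotted MAC (e.g. "Incomplete") do not match and are skipped.
ROW = re.compile(
    r"^Internet\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<age>\d+|[-\u2013])\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\S+\s+(?P<intf>\S+)$",
    re.IGNORECASE,
)


def parse_arp(text):
    """Parse `show ip arp` output into a list of dicts."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            entries.append({
                "ip": m.group("ip"),
                "mac": m.group("mac").lower(),
                "intf": m.group("intf"),
                "local": not m.group("age").isdigit(),
            })
    return entries


def proxied_neighbors(entries, gateway_ip):
    """Return neighbor IPs that resolve to the gateway's MAC on its interface."""
    gw = next((e for e in entries if e["ip"] == gateway_ip), None)
    if gw is None:
        raise ValueError(f"gateway {gateway_ip} not in ARP table")
    return sorted(
        e["ip"] for e in entries
        if e["ip"] != gateway_ip and not e["local"]
        and (e["mac"], e["intf"]) == (gw["mac"], gw["intf"])
    )


if __name__ == "__main__":
    for ip in proxied_neighbors(parse_arp(SAMPLE_ARP), "192.168.0.10"):
        print(f"{ip} resolves to the gateway MAC: reached via proxy ARP")
```

A hit is a lead to check against the gateway's interface configuration, since a device that holds several addresses also shares one MAC across them.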