Example for Configuring Intra-VLAN Proxy ARP
Networking Requirements
As shown in Figure 2-13, the hosts of the accounting department are located in a VLAN. These hosts are attacked by viruses when they access the Internet. The attacked hosts send a large number of broadcast packets, causing broadcast storms in the VLAN. As a result, the hosts cannot even communicate with each other. The company requires that broadcast storms be prevented to ensure communication between hosts and information security.
Configuration Roadmap
The configuration roadmap is as follows:
- Configure interface isolation on the downstream interfaces of the switch to forbid Layer 2 communication between hosts and eliminate broadcast storms.
- Enable intra-VLAN proxy ARP on the VLANIF interface so that hosts in the accounting department can still communicate at Layer 3 while broadcast storms are prevented.
Procedure
- Add Ethernet2/0/0 to VLAN10.
# Create VLAN10.
<Huawei> system-view
[Huawei] sysname Router
[Router] vlan 10
[Router-vlan10] quit
# Add Ethernet2/0/0 to VLAN10.
[Router] interface ethernet 2/0/0
[Router-Ethernet2/0/0] port hybrid tagged vlan 10
[Router-Ethernet2/0/0] port hybrid pvid vlan 10
[Router-Ethernet2/0/0] quit
# Configure an IP address for VLANIF10.
[Router] interface vlanif 10
[Router-Vlanif10] ip address 10.1.1.12 255.255.255.0
[Router-Vlanif10] quit
- Configure the switch.
Create VLAN10 on the switch and add all interfaces to VLAN10. Configure isolation for downstream interfaces connected to users. The configuration details are not mentioned here.
- Configure IP addresses for PCs.
# Configure an IP address for each PC. Ensure that the IP addresses of PCs and the IP address of VLANIF10 are on the same network segment. The configuration details are not mentioned here.
# After the configuration is complete, each PC and the router can ping each other. PCs, however, cannot ping each other.
- Enable intra-VLAN proxy ARP on VLANIF10.
[Router] interface vlanif 10
[Router-Vlanif10] arp-proxy inner-sub-vlan-proxy enable
[Router-Vlanif10] quit
- Verify the configuration.
# Ping PC A and PC B. They can ping each other.
C:\Documents and Settings\Administrator> ping 10.1.1.100
  PING 10.1.1.100: 56 data bytes, press CTRL_C to break
    Reply from 10.1.1.100: bytes=56 Sequence=1 ttl=255 time=10 ms
    Reply from 10.1.1.100: bytes=56 Sequence=2 ttl=255 time=10 ms
    Reply from 10.1.1.100: bytes=56 Sequence=3 ttl=255 time=10 ms
    Reply from 10.1.1.100: bytes=56 Sequence=4 ttl=255 time=10 ms
    Reply from 10.1.1.100: bytes=56 Sequence=5 ttl=255 time=10 ms

  --- 10.1.1.100 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 10/10/10 ms
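
A successful ping does not show which path the traffic took. With port isolation and intra-VLAN proxy ARP both in effect, every peer in 10.1.1.0/24 should appear in a PC's ARP cache with the MAC address of VLANIF10; a peer that resolves to its own MAC address is still reachable at Layer 2. The following check is an added example, not part of the original configuration guide: the `arp -a` output, all MAC addresses, the local address 10.1.1.101 and the third PC 10.1.1.102 are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: Windows `arp -a` output on one PC (all values are made up).
SAMPLE_ARP = """\
Interface: 10.1.1.101 --- 0x2
  Internet Address      Physical Address      Type
  10.1.1.12             00-e0-fc-aa-bb-01     dynamic
  10.1.1.100            00-e0-fc-aa-bb-01     dynamic
  10.1.1.102            00-0c-29-11-22-33     dynamic
  10.1.1.255            ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

ENTRY = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)", re.I)

def parse_arp(text):
    """Return {ip: mac} for the dynamic entries in `arp -a` output."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        # Static broadcast/multicast mappings say nothing about peers: skip them.
        if m and m.group(3).lower() == "dynamic":
            table[ipaddress.ip_address(m.group(1))] = m.group(2).lower()
    return table

def check_isolation(text, gateway_ip, network):
    """Split in-subnet peers by whether they resolve to the gateway's MAC."""
    net = ipaddress.ip_network(network)
    gw = ipaddress.ip_address(gateway_ip)
    table = parse_arp(text)
    if gw not in table:
        raise ValueError("gateway %s has no dynamic ARP entry" % gw)
    gw_mac = table[gw]
    proxied, direct = [], []
    for ip, mac in sorted(table.items()):
        if ip == gw or ip not in net:
            continue
        # Same MAC as VLANIF10: the router answered the ARP request (proxy ARP).
        (proxied if mac == gw_mac else direct).append(str(ip))
    return {"gateway_mac": gw_mac, "proxied": proxied, "direct": direct}

if __name__ == "__main__":
    result = check_isolation(SAMPLE_ARP, "10.1.1.12", "10.1.1.0/24")
    print("VLANIF10 MAC:", result["gateway_mac"])
    print("resolved via proxy ARP:", result["proxied"])
    print("resolved directly (Layer 2 still reachable):", result["direct"])
```

Any address listed under "resolved directly" points to a downstream switch interface where isolation is not in effect.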