Local proxy ARP configuration example in isolate-user-VLAN
Network requirements
As shown in Figure 11, Switch B is attached to Switch A. VLAN 5 on Switch B is an isolate-user-VLAN, which includes uplink port GigabitEthernet 1/0/2 and two secondary VLANs, VLAN 2 and VLAN 3. GigabitEthernet 1/0/3 belongs to VLAN 2, and GigabitEthernet 1/0/1 belongs to VLAN 3.
Host A belongs to VLAN 2 and connects to GigabitEthernet 1/0/3 of Switch B. Host B belongs to VLAN 3 and connects to GigabitEthernet 1/0/1 of Switch B.
As Host A and Host B belong to different secondary VLANs, they are isolated at Layer 2. Configure local proxy ARP on Switch A to implement Layer 3 communication between Host A and Host B.
Figure 11: Network diagram
Configuration procedure
Configure Switch B:
# Create VLAN 2, VLAN 3, and VLAN 5 on Switch B. Add GigabitEthernet 1/0/3 to VLAN 2, GigabitEthernet 1/0/1 to VLAN 3, and GigabitEthernet 1/0/2 to VLAN 5. Configure VLAN 5 as the isolate-user-VLAN, and VLAN 2 and VLAN 3 as secondary VLANs. Configure the mappings between isolate-user-VLAN and the secondary VLANs.
<SwitchB> system-view [SwitchB] vlan 2 [SwitchB-vlan2] port GigabitEthernet 1/0/3 [SwitchB-vlan2] quit [SwitchB] vlan 3 [SwitchB-vlan3] port GigabitEthernet 1/0/1 [SwitchB-vlan3] quit [SwitchB] vlan 5 [SwitchB-vlan5] port GigabitEthernet 1/0/2 [SwitchB-vlan5] isolate-user-vlan enable [SwitchB-vlan5] quit [SwitchB] interface GigabitEthernet 1/0/2 [SwitchB-GigabitEthernet1/0/2] port isolate-user-vlan 5 promiscuous [SwitchB-GigabitEthernet1/0/2] quit [SwitchB] interface GigabitEthernet 1/0/1 [SwitchB-GigabitEthernet1/0/1] port isolate-user-vlan host [SwitchB-GigabitEthernet1/0/1] quit [SwitchB] interface GigabitEthernet 1/0/3 [SwitchB-GigabitEthernet1/0/3] port isolate-user-vlan host [SwitchB-GigabitEthernet1/0/3] quit [SwitchB] isolate-user-vlan 5 secondary 2 3
Configure Switch A:
# Create VLAN 5 and add GigabitEthernet 1/0/2 to it.
<SwitchA> system-view [SwitchA] vlan 5 [SwitchA-vlan5] port GigabitEthernet 1/0/2 [SwitchA-vlan5] quit [SwitchA] interface vlan-interface 5 [SwitchA-Vlan-interface5] ip address 192.168.10.100 255.255.0.0
From Host A, ping Host B. The ping operation is unsuccessful because they are isolated at Layer 2.
# Configure local proxy ARP to implement Layer 3 communication between Host A and Host B.
[SwitchA-Vlan-interface5] local-proxy-arp enable
From Host A, ping Host B. The ping operation is successful after the configuration.