Local proxy ARP configuration example in isolate-user-VLAN

Network requirements

As shown in Figure 11, Switch B is attached to Switch A. VLAN 5 on Switch B is an isolate-user-VLAN, which includes uplink port GigabitEthernet 1/0/2 and two secondary VLANs, VLAN 2 and VLAN 3. GigabitEthernet 1/0/3 belongs to VLAN 2, and GigabitEthernet 1/0/1 belongs to VLAN 3.

Host A belongs to VLAN 2 and connects to GigabitEthernet 1/0/3 of Switch B. Host B belongs to VLAN 3 and connects to GigabitEthernet 1/0/1 of Switch B.

As Host A and Host B belong to different secondary VLANs, they are isolated at Layer 2. Configure local proxy ARP on Switch A to implement Layer 3 communication between Host A and Host B.

Figure 11: Network diagram

Configuration procedure

  1. Configure Switch B:

    # Create VLAN 2, VLAN 3, and VLAN 5 on Switch B. Add GigabitEthernet 1/0/3 to VLAN 2, GigabitEthernet 1/0/1 to VLAN 3, and GigabitEthernet 1/0/2 to VLAN 5. Configure VLAN 5 as the isolate-user-VLAN, and VLAN 2 and VLAN 3 as secondary VLANs. Configure the mappings between the isolate-user-VLAN and the secondary VLANs.

    <SwitchB> system-view
    [SwitchB] vlan 2
    [SwitchB-vlan2] port GigabitEthernet 1/0/3
    [SwitchB-vlan2] quit
    [SwitchB] vlan 3
    [SwitchB-vlan3] port GigabitEthernet 1/0/1
    [SwitchB-vlan3] quit
    [SwitchB] vlan 5
    [SwitchB-vlan5] port GigabitEthernet 1/0/2
    [SwitchB-vlan5] isolate-user-vlan enable
    [SwitchB-vlan5] quit
    [SwitchB] interface GigabitEthernet 1/0/2
    [SwitchB-GigabitEthernet1/0/2] port isolate-user-vlan 5 promiscuous
    [SwitchB-GigabitEthernet1/0/2] quit
    [SwitchB] interface GigabitEthernet 1/0/1
    [SwitchB-GigabitEthernet1/0/1] port isolate-user-vlan host
    [SwitchB-GigabitEthernet1/0/1] quit
    [SwitchB] interface GigabitEthernet 1/0/3
    [SwitchB-GigabitEthernet1/0/3] port isolate-user-vlan host
    [SwitchB-GigabitEthernet1/0/3] quit
    [SwitchB] isolate-user-vlan 5 secondary 2 3
    
  2. Configure Switch A:

    # Create VLAN 5, add GigabitEthernet 1/0/2 to it, and assign an IP address to VLAN-interface 5.

    <SwitchA> system-view
    [SwitchA] vlan 5
    [SwitchA-vlan5] port GigabitEthernet 1/0/2
    [SwitchA-vlan5] quit
    [SwitchA] interface vlan-interface 5
    [SwitchA-Vlan-interface5] ip address 192.168.10.100 255.255.0.0
    

    From Host A, ping Host B. The ping operation is unsuccessful because they are isolated at Layer 2.

    # Configure local proxy ARP to implement Layer 3 communication between Host A and Host B.

    [SwitchA-Vlan-interface5] local-proxy-arp enable
    

    From Host A, ping Host B. The ping operation is successful after the configuration.
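
The two ping results above can be reproduced with a small model of the ARP exchange. This is an added example, not part of the original configuration guide: it shows that with local proxy ARP enabled Host A learns Switch A's MAC address for Host B, so traffic between the secondary VLANs passes through VLAN-interface 5 on Switch A. The host IP addresses and all MAC addresses are constructed assumptions; only the gateway address and mask come from the page.

```python
import ipaddress

# Gateway address and mask are from the page; host IPs and all MACs are constructed.
GW_IP, GW_NET = "192.168.10.100", ipaddress.ip_network("192.168.0.0/16")
GW_MAC = "00:00:5e:00:53:01"
HOSTS = {  # name: (secondary VLAN on Switch B, IP, MAC)
    "A": (2, "192.168.10.99", "00:00:5e:00:53:0a"),
    "B": (3, "192.168.10.200", "00:00:5e:00:53:0b"),
}

def l2_receivers(sender):
    """Who sees a broadcast from `sender` through Switch B's isolate-user-VLAN."""
    if sender == "SwitchA":            # arrives on the promiscuous uplink
        return set(HOSTS)
    vlan = HOSTS[sender][0]
    same_vlan = {h for h, v in HOSTS.items() if v[0] == vlan and h != sender}
    return same_vlan | {"SwitchA"}     # host ports always reach the uplink

def arp_resolve(sender, target_ip, local_proxy_arp):
    """Return the MAC that `sender` learns for `target_ip`, or None."""
    receivers = l2_receivers(sender)
    for name in receivers - {"SwitchA"}:
        if HOSTS[name][1] == target_ip:
            return HOSTS[name][2]      # the real owner heard the request
    if "SwitchA" in receivers:
        if target_ip == GW_IP:
            return GW_MAC              # ordinary ARP for the gateway itself
        in_subnet = ipaddress.ip_address(target_ip) in GW_NET
        if local_proxy_arp and in_subnet and target_ip != HOSTS[sender][1]:
            return GW_MAC              # Switch A answers on the target's behalf
    return None

def ping(src, dst, local_proxy_arp):
    """Echo succeeds only if request and reply both find a next hop."""
    for a, b in ((src, dst), (dst, src)):
        mac = arp_resolve(a, HOSTS[b][1], local_proxy_arp)
        if mac is None:
            return False
        # When Switch A is the next hop, it must resolve the real destination.
        if mac == GW_MAC and arp_resolve("SwitchA", HOSTS[b][1], local_proxy_arp) is None:
            return False
    return True

if __name__ == "__main__":
    for enabled in (False, True):
        learned = arp_resolve("A", HOSTS["B"][1], enabled)
        print(f"local-proxy-arp={enabled}: ping A->B ok={ping('A', 'B', enabled)}, A learns {learned}")
```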