- Allied Telesis, Inc Switch Specification Manual

Protecting the user
Create A Secure Network With Allied Telesis Managed Layer 3 Switches 20
The following figure shows a network that can use either local proxy ARP or MAC-forced
forwarding—the examples in both the following sections refer to this network.
Local proxy ARP
In a network configuration like the previous figure, each edge switch uses private VLANs
to stop clients from talking directly to each other. Private VLANs stop the edge switch
from flooding broadcast traffic, including clients’ ARP requests. Instead, the switch sends
ARP requests out its uplink port to the access router.
If local proxy ARP is configured on the access router, then the access router responds to
ARP requests with its own MAC address, instead of the destination device’s MAC address.
This combination of private VLANs and local proxy ARP forces the clients to send all their
traffic to the access router. When the access router sees traffic from a client, it checks a list
of filters to determine whether to forward the traffic or drop it.
On each client residential gateway, you need to enable tagged VLANs on the connection to
the edge switch for the VLANs that the client should be able to access.
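
A client-side check of the behaviour described above, as an added example that is not from the Allied Telesis manual: it parses Linux `ip neigh show` output and reports any on-subnet address that resolved to a MAC other than the access router's. The router MAC, the sample addresses and the function name find_isolation_leaks are assumptions made for illustration.

```python
import re

# Constructed sample of `ip neigh show` output from a client on the protected
# subnet. Addresses and MACs are documentation-range values, not real hosts.
SAMPLE_IP_NEIGH = """\
192.0.2.1 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE
192.0.2.22 dev eth0 lladdr 00:00:5e:00:53:01 STALE
192.0.2.23 dev eth0 lladdr 00:00:5e:00:53:c3 REACHABLE
192.0.2.24 dev eth0  FAILED
"""

# One resolved neighbour entry: <ip> dev <ifname> lladdr <mac> <state>
NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+(?P<dev>\S+)\s+lladdr\s+"
    r"(?P<mac>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\b"
)


def find_isolation_leaks(neigh_output, router_mac, dev=None):
    """Return (ip, mac) pairs that resolved to a MAC other than the router's.

    With private VLANs plus local proxy ARP, every on-subnet address should
    resolve to the access router's MAC, so any other MAC means a client ARP
    request reached a peer directly.
    """
    router_mac = router_mac.lower()
    leaks = []
    for line in neigh_output.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m is None:
            continue  # FAILED/INCOMPLETE entries carry no lladdr
        if dev is not None and m["dev"] != dev:
            continue
        mac = m["mac"].lower()
        if mac != router_mac:
            leaks.append((m["ip"], mac))
    return leaks


if __name__ == "__main__":
    for ip, mac in find_isolation_leaks(SAMPLE_IP_NEIGH, "00:00:5e:00:53:01"):
        print(f"isolation leak: {ip} resolved to {mac}")
```

An empty result from a client that has recently tried to reach its neighbours is consistent with the private VLAN and local proxy ARP configuration working as intended.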
[Figure: example network showing the Internet, Access Router, Management PC, SIP and Multicast server, Edge Switches 1 to 3 (LACP), Residential Gateways 1 to 3, and Clients 1 to 3.]
Products
All switches listed on page 2
Software Versions
2.9.1 or later