Users Guide
private-vlan mode primary
8. Map secondary VLANs to the selected primary VLAN.
INTERFACE VLAN mode
private-vlan mapping secondary-vlan vlan-list
The list of secondary VLANs can be:
● Specified in comma-delimited (VLAN-ID,VLAN-ID) or hyphenated-range format (VLAN-ID-VLAN-ID).
● Specified with this command even before they have been created.
● Amended by specifying the new secondary VLAN to be added to the list.
Proxy ARP Capability on VLT Peer Nodes
The proxy ARP functionality is supported on VLT peer nodes.
A proxy ARP-enabled device answers the ARP requests that are destined for the other router in a VLT domain. The local host
forwards the traffic to the proxy ARP-enabled device, which in turn transmits the packets to the destination.
By default, proxy ARP is enabled. To disable proxy ARP, use the no proxy-arp command in Interface mode. To re-enable
proxy ARP, use the ip proxy-arp command in Interface mode. To view if proxy ARP is enabled on the interface, use the
show config command in INTERFACE mode. If it is not listed in the show config command output, it is enabled. Only
nondefault information displays in the show config command output.
An ARP proxy operation is performed on the VLT peer node IP address when the peer VLT node is down. The ARP proxy stops
working either when the peer routing timer expires or when the peer VLT node goes up. Layer 3 VLT provides a higher resiliency
at the Layer 3 forwarding level. VLT peer routing allows you to replace VRRP with routed VLT to route the traffic from Layer 2
access nodes. With proxy ARP, hosts can resolve the MAC address of the VLT node even when VLT node is down.
If the ICL link is down when a VLT node receives an ARP request for the IP address of the VLT peer, owing to LAG-level hashing
algorithm in the top-of-rack (ToR) switch, the incorrect VLT node responds to the ARP request with the peer MAC address.
Proxy ARP is not performed when the ICL link is up and the ARP request the wrong VLT peer. In this case, ARP requests are
tunneled to the VLT peer.
Proxy ARP supported on both VLT interfaces and non-VLT interfaces. Proxy ARP is supported on symmetric VLANs only. Proxy
ARP is enabled by default. To support proxy ARP, the routing table must be symmetrically configured. For example, consider a
sample topology in which you configure VLAN 100 on two VLT nodes, node 1 and node 2. You did not configure the ICL link
between the two VLT nodes. Assume that the VLAN 100 IP address in node 1 is 10.1.1.1/24 and VLAN 100 IP address in node 2 is
20.1.1.2/24. In this case, if the ARP request for 20.1.1.1 reaches node 1, node 1 does not perform the ARP request for 20.1.1.2.
Proxy ARP is supported only for the IP address that belongs to the received interface IP network. Proxy ARP is not supported if
the ARP-requested IP address is different from the received interface IP subnet. For example, if you configure VLAN 100 and
200 on the VLT peers, and if you configured the VLAN 100 IP address as 10.1.1.0/24 and you configured the VLAN 200 IP
address as 20.1.1.0/24, the proxy ARP is not performed if the VLT node receives an ARP request for 20.1.1.0/24 on VLAN 100.
Working of Proxy ARP for VLT Peer Nodes
Proxy ARP is enabled only when you enable peer routing on both the VLT peers. If you disable peer routing on one of the VLT
peers, proxy ARP is not performed when the ICL link goes down. Proxy ARP is performed only when the VLT peer's MAC
address is installed in the database. Proxy ARP is stopped when the VLT peer's MAC address is removed from the ARP
database because of peer routing timer expiry. The source hardware address in the ARP response contains the VLT peer MAC
address. Proxy ARP is supported for both unicast and broadcast ARP requests. Control packets, other than ARP requests
destined for the VLT peers that reach the undesired and incorrect VLT node, are dropped if the ICL link is down. Further
processing is not done on these control packets. The VLT node does not perform any action if it receives gratuitous ARP
requests for the VLT peer IP address. Proxy ARP is also supported on secondary VLANs. When the ICL link or peer is down, and
the ARP request for a private VLAN IP address reaches the wrong peer, the wrong peer responds to the ARP request with the
peer MAC address.
The IP address of the VLT node VLAN interface is synchronized with the VLT peer over ICL when the VLT peers are up.
Whenever you add or delete an IP address, this updated information is synchronized with the VLT peer. IP address
synchronization occurs regardless of the VLAN administrative state. IP address addition and deletion serve as the trigger events
for synchronization. When a VLAN state is down, the VLT peer might perform a proxy ARP operation for the IP addresses of
that VLAN interface.
960
Virtual Link Trunking (VLT)