(This is interesting from a theoretical standpoint, though I don't see the usefulness of doing it on a real network.)
I can see how local-proxy-arp would allow traffic between two ports that are configured to be isolated at layer-2 if the routing module is running a separate OS than the layer-2 module (e.g., a hybrid setup where the Supervisor is running CatOS but the MSFC is running IOS). Since the layer-3 module doesn't know what the layer-2 module's configuration is, it seems reasonable for it to happily proxy traffic between two isolated ports.
However, in a "native" configuration (such as a 3550) where one OS handles the layer-2 and layer-3 configuration, IOS may not allow local-proxy-arp to override layer-2 port isolation. The switch may even respond to all ARP requests per the local-proxy-arp configuration statement, but then drop any subsequent traffic that is both sourced and destined to isolated ports. This seems like the desirable behavior to me, as I'd hate to see a security feature like port security overridden by an unrelated command in such an unintuitive fashion.