Just enabled proxy-arp unrestricted and broke direct communications on the subnet. So no hosts could see each other anymore.
Thankfully I had "commit confirmed 1"!
No, it's not like Cisco. Cisco is just working out of the box and does what the user expects.
user@sw1# show interfaces irb.20
description "OAM Server LAN";
proxy-arp restricted;
family inet {
    mtu 1500;
    address 192.168.44.4/23 {
        preferred;
        vrrp-group 20 {
            virtual-address 192.168.45.254;
And there is a route to somewhere:
user@sw1# run show route table oam 192.168.44.132
oam.inet.0: 43 destinations, 50 routes (43 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.44.0/23    *[Direct/0] 91w4d 04:04:33
                    > via irb.20
user@sw1# run show route table oam 192.168.44.131
oam.inet.0: 43 destinations, 50 routes (43 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.44.131/32  *[OSPF/10] 00:30:34, metric 51
                    > to 192.168.39.37 via irb.110
                      to 192.168.39.38 via irb.110
https://www.juniper.net/documentation/en_US/junos/topics/concept/port-security-qfx-series-proxy-arp-understanding.html:
Restricted—The switch responds to ARP requests in which the physical networks of the source and target are different and does not respond if the source and target IP addresses are on the same subnet. In this mode, hosts on the same subnet communicate without proxy ARP.
So .131 is different to .130, the host which is asking. But the EX4300 does not respond with its MAC.
Setting unrestricted breaks the LAN. All my hosts in the segment got mad not reaching each other anymore. Why is that? What makes the switch respond to these ARP requests? The default route? Hopefully not, because that makes no sense.
IMHO restricted should do exactly what one expects. But it doesn't.
br
Walter
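
The two modes, applied to the addresses in this post, as an added example that is not part of the original post and is not Juniper's code. The restricted rule follows the documentation sentence quoted above; the unrestricted rule (reply whenever any route to the target exists) and the route requirement in restricted mode are assumptions of this model, as are the function names.

```python
import ipaddress

# Constructed from the post: irb.20 is 192.168.44.4/23, and table "oam" holds
# the direct /23 plus an OSPF /32 for .131 that points out of irb.110.
IFACE_NET = ipaddress.ip_network("192.168.44.0/23")
ROUTES = [
    (ipaddress.ip_network("192.168.44.0/23"), "irb.20"),
    (ipaddress.ip_network("192.168.44.131/32"), "irb.110"),
]


def lookup(target, routes=ROUTES):
    """Longest-prefix match; returns (network, interface) or None."""
    ip = ipaddress.ip_address(target)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None


def proxy_arp_replies(mode, source, target, iface_net=IFACE_NET, routes=ROUTES):
    """Model: does the switch answer an ARP request for `target` from `source`?"""
    src = ipaddress.ip_address(source)
    dst = ipaddress.ip_address(target)
    has_route = lookup(target, routes) is not None  # assumption: a route is required
    if mode == "restricted":
        # Quoted doc: no reply when source and target are on the same subnet.
        # The subnet is taken from the interface address (/23), not from the
        # more specific /32 host route, so .130 and .131 count as "same subnet".
        same_subnet = src in iface_net and dst in iface_net
        return has_route and not same_subnet
    if mode == "unrestricted":
        # Assumption: any route to the target is enough, including the direct
        # /23 itself, so the switch also answers for on-link neighbours.
        return has_route
    raise ValueError(f"unknown mode: {mode}")


if __name__ == "__main__":
    for mode in ("restricted", "unrestricted"):
        for target in ("192.168.44.131", "192.168.44.132"):
            answer = proxy_arp_replies(mode, "192.168.44.130", target)
            print(f"{mode:13} .130 -> {target}: reply={answer}, "
                  f"route via {lookup(target)[1]}")
```

Under this model, restricted stays silent for .131 because the /32 route does not change which subnet the interface address places it in, and unrestricted answers for every on-link host because the direct /23 is itself a route to them.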