Hi,“Disable proxy ARP within the Nutanix VLAN before configuring network segmentation” is mentioned in two documents.Security GuidePhysical Networking Best PracticesCould someone clarify what this means exactly?What is “the Nutanix VLAN”? Is it the “CVM/HOST management VLAN or all VLANs? What is the command to disable proxy ARP? Should this be done at the Nutanix level or the physical switch level?I couldn't find answers in the documentation. Any help would be greatly appreciated!Thanks in advance!

Solved

Disable proxy ARP within the Nutanix VLAN. What? How?

Forum|Forum|6 months ago
May 9, 2025
2 replies
117 views

Christophe Calvet
Voyager
2 replies

Hi,
“Disable proxy ARP within the Nutanix VLAN before configuring network segmentation” is mentioned in two documents.
Security Guide
Physical Networking Best Practices

Could someone clarify what this means exactly?

What is “the Nutanix VLAN”? Is it the “CVM/HOST management VLAN or all VLANs?
What is the command to disable proxy ARP?
Should this be done at the Nutanix level or the physical switch level?

I couldn't find answers in the documentation. Any help would be greatly appreciated!

Thanks in advance!

Best answer by smkim

What is “the Nutanix VLAN”? Is it the “CVM/HOST management VLAN or all VLANs?

“Within the Nutanix VLAN, nodes use IPv6 neighbor discovery protocol and IPv6 UDP broadcast messages.” → AHV/CVM VLAN

What is the command to disable proxy ARP?

When configuring network segmentation, it checks whether the IP you set is in use beforehand, and if it is not, proxy-arp responds and thinks it is already in use.

Error message like,

"Failure in pre expand-cluster tests.

Errors: Failed to allocate service IPs for one or more nodes.
IPs ['x.x.x.x'] were found configured on some other hosts.
Please run arp-scan and resolve the conflicts manually."

Commands to verify that proxy-arp is responding for unused IP.

CVM$ sudo arp-scan -NI eth0 xxx.xxx.xxx.xxx

I believe the command to disable proxy-arp on the switch is “# no ip proxy-arp”, but I'm not sure.

Should this be done at the Nutanix level or the physical switch level?

You need to disable it on the physical switch.

This topic has been closed for replies.

S

smkim
Adventurer
4 replies
Answer
Forum|Forum|6 months ago
May 16, 2025

What is “the Nutanix VLAN”? Is it the “CVM/HOST management VLAN or all VLANs?

“Within the Nutanix VLAN, nodes use IPv6 neighbor discovery protocol and IPv6 UDP broadcast messages.” → AHV/CVM VLAN

What is the command to disable proxy ARP?

When configuring network segmentation, it checks whether the IP you set is in use beforehand, and if it is not, proxy-arp responds and thinks it is already in use.

Error message like,

"Failure in pre expand-cluster tests.

Errors: Failed to allocate service IPs for one or more nodes.
IPs ['x.x.x.x'] were found configured on some other hosts.
Please run arp-scan and resolve the conflicts manually."

Commands to verify that proxy-arp is responding for unused IP.

CVM$ sudo arp-scan -NI eth0 xxx.xxx.xxx.xxx

I believe the command to disable proxy-arp on the switch is “# no ip proxy-arp”, but I'm not sure.

Should this be done at the Nutanix level or the physical switch level?

You need to disable it on the physical switch.

CT I&C, smkim@ctinc.co.kr

C

Christophe Calvet
Author
Voyager
2 replies
Forum|Forum|6 months ago
May 16, 2025

Thank you for the reply @smkim.
I think it is something that could be clarified in the documentation.

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded