A host in a VLAN cannot normally communicate to a host in another VLAN. This
rule applies to ARP requests as well. However, if you put the VLANs into a single VLAN group, the
BIG-IP system can perform a proxied ARP request.
proxied ARP request
is an ARP request
that the BIG-IP system can send, on behalf of a host in a VLAN, to hosts in another VLAN. A
proxied ARP request requires that both VLANs belong to the same VLAN group.
In some cases, you might not want a host to forward proxied ARP requests to
a specific host, or to other hosts in the configuration. To exclude specific hosts from receiving
forwarded proxied ARP requests, you use the BIG-IP Configuration utility and specify the IP
addresses that you want to exclude.
hosts on an ARP exclusion list are specified using their IP addresses, this does not prevent the
BIG-IP system from routing traffic to those hosts. A more secure way to prevent traffic from
passing between hosts in separate VLANs is to create a packet filter for each VLAN.