No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 12

The documents describe the configuration of various services supported by the CX11x&CX31x&CX91x series switch modules The description covers configuration examples and function configurations.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring ARP

Configuring ARP

This section describes the procedures for configuring ARP.

Configuring Static ARP

Static ARP entries improve communication security.

Context

Static ARP entries are manually configured and maintained. They cannot be aged and overridden by dynamic ARP entries. Therefore, static ARP entries improve communication security. Static ARP entries ensure communication between the local device and a specified device by using a specified MAC address so that attackers cannot modify mappings between IP addresses and MAC addresses in static ARP entries.

Static ARP entries are classified into short and long entries.
  • Short static ARP entries

    The short static ARP entries cannot be used to forward messages directly. Users send ARP request messages first. If the source IP and MAC addresses of the received reply messages are the same as the configured IP and MAC addresses, the interface receiving ARP reply messages is added into the static ARP entries. Therefore, devices can use this interface to forward messages directly.

  • Long static ARP entries

    When configuring long static ARP entries, configure IP and MAC addresses as well as the VLAN and the outbound interface through which devices send messages based on the ARP entries. Long static ARP entries are directly used to forward messages.

NOTE:

Static ARP entries cannot be modified. However, the configuration workload is heavy. Static ARP entries cannot apply to a network where IP addresses of hosts may change or a small-sized network.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    arp static ip-address mac-address [ vpn-instance vpn-instance-name ] or arp static ip-address mac-address [ vlan vlan-id ] interface interface-type interface-number

    A static ARP entry is configured.

    NOTE:

    If you want the device and the specified user to communicate only using certain fixed IP and MAC addresses, configuring short static ARP entries is recommended. If you want to further specify the interface only through which the user can communicate with the device in a VLAN, configuring long static ARP entries is recommended.

  3. Run:

    commit

    The configuration is committed.

Checking the Configuration

After configuring the static ARP entries is complete, run the following commands to check the configuration.

  • Run the display arp interface interface-type interface-number command to check ARP mapping entries of a specified interface.

  • Run the display arp [ network network-address [ network-mask | mask-length ] ] static command to check static ARP mapping entries.

  • Run the display arp vpn-instance vpn-instance-name static command to check static ARP mapping entries of a specified VPN instance.

  • Run the display arp vlan vlan-id interface interface-type interface-number command to check ARP mapping entries of a specified VLAN.

Optimizing Dynamic ARP

By default, hosts and switch moduless dynamically learn ARP entries. You can adjust parameters of dynamic ARP entries based on network requirements.

Pre-configuration Tasks

Before optimizing dynamic ARP, complete the following tasks:

  • Setting link layer protocol parameters for interfaces to ensure that the link layer protocol status of the interfaces is Up

Adjusting Aging Parameters of Dynamic ARP Entries

Context

Aging parameters of dynamic ARP entries include the aging time, the number of probes, detection intervals, and detection modes. Proper adjustment of aging parameters improves network reliability.

You can adjust the following aging parameters of dynamic ARP entries:
  • Aging time of dynamic ARP entries: Before the aging time of a dynamic ARP entry is reached, the device sends an ARP Request packet to the corresponding outbound interface and starts ARP aging detection.

  • Number of probes to dynamic ARP entries: Before aging a dynamic ARP entry, the system first performs probes. If no answer is received after the times of probes reach the upper limit, the ARP entry is deleted.

  • Detection interval for dynamic ARP entries: which is the interval for sending ARP probe packets.

    NOTE:
    • If the value of the aging time is set too small (for example, 1 minute), the system consumes most resources on updating dynamic ARP entries, affecting the processing of other services.

    • Time duration starting from when the device sends a probe packet to when the device deletes the dynamic ARP entry = number of probes x detection interval. The detection interval should not be set too long; otherwise, the device cannot detect a timely reply.

  • Aging detection modes of dynamic ARP entries: Before an ARP entry is aged, an interface sends an ARP aging probe packet.

    NOTE:
    • If the IP address of the peer device remains the same but the MAC address changes frequently, it is recommended that you configure ARP aging probe packets to be broadcast.
    • If the MAC address of the peer device remains the same, and the network bandwidth is insufficient, it is recommended that you configure ARP aging probe packets to be unicast.
Aging parameters of dynamic ARP entries can be adjusted in the system view and interface view on the device.
  • If the parameters are configured in the system view, the configuration takes effect for dynamic ARP entries learned by all interfaces on the device.
  • If the parameters are configured both in the interface view of an interface and the system view, the configuration in the interface view takes effect for aging parameters of dynamic ARP entries learned by the interface.

Procedure

  • Adjust aging parameters of dynamic ARP entries in the system view.

    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      arp timeout expire-time

      The aging time of dynamic ARP entries is set.

      By default, the aging time of dynamic ARP entries is 1200 seconds, that is, 20 minutes.

    3. Run:

      arp detect times detect-times

      The number of probes to dynamic ARP entries is set.

      By default, the number of ARP probes is 3.

    4. Run:

      arp detect interval detect-interval

      The interval for sending ARP aging probe packets is set.

      By default, the interval for sending ARP aging probe packets is 5 seconds.

    5. Run:

      arp detect mode unicast

      An interface is configured to send ARP aging probe packets in unicast mode.

      By default, an interface sends the last ARP Aging probe packet in broadcast mode, and the rest ARP Aging Detection packets are sent in unicast mode.

    6. Run:

      commit

      The configuration is committed.

  • Adjust aging parameters of dynamic ARP entries in the interface view.

    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      interface interface-type interface-number

      The interface view is displayed.

    3. On an Ethernet interface, run:

      undo portswitch

      The interface is switched to Layer 3 mode.

      By default, an Ethernet interface works in Layer 2 mode.

      If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.

      NOTE:

      If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

    4. Run:

      arp timeout expire-time

      The aging time of dynamic ARP entries is set.

      By default, the aging time of dynamic ARP entries is 1200 seconds, that is, 20 minutes.

    5. Run:

      arp detect times detect-times

      The number of probes to dynamic ARP entries is set.

      By default, the number of ARP probes is 3.

    6. Run:

      arp detect interval detect-interval

      The interval for sending ARP aging probe packets is set.

      By default, the interval for sending ARP aging probe packets is 5 seconds.

    7. Run:

      arp detect mode unicast

      An interface is configured to send ARP aging probe packets in unicast mode.

      By default, an interface sends the last ARP Aging probe packet in broadcast mode, and the rest ARP Aging Detection packets are sent in unicast mode.

    8. Run:

      commit

      The configuration is committed.

Disable the Device from Responding to TC packets

Context

After the device on a ring network is disabled from responding to TC packets, the device will not age or delete ARP entries after receiving TC packets, reducing resource consumptions caused by frequent ARP entry updates and minimizing adverse impacts on user services.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    arp topology-change disable

    The device is disabled from responding to TC packets.

    By default, the device responds to TC packets, so the device ages or deletes ARP entries after receiving a TC packet.

  3. Run:

    commit

    The configuration is committed.

Checking the Configuration
Procedure
  • Run the display this command in the system view or interface view to check aging parameter configurations of dynamic ARP entries.

Configuring Proxy ARP

The switch modules can function as a proxy of the destination host to reply an ARP Request message.

Pre-configuration Tasks

Before configuring proxy ARP, complete the following task:

  • Setting link layer protocol parameters for interfaces to ensure that the link layer protocol status of the interfaces is Up

Configuring Routed Proxy ARP

Context

Proxy ARP enables PCs or switch moduleses on the same network segment but on different physical networks to communicate. In actual applications, if the current server connected to the switch modules is not configured with a default gateway address (that is, the server does not know how to reach the intermediate system of the network), the server cannot forward data packets. Routed proxy ARP solves this problem.

Figure 6-14 shows the routed proxy ARP networking. Switch ModuleA uses VLAN10 and VLAN20 to connect two networks. IP addresses of the two VLAN interfaces are on different network segments. However, the masks make ServerA and VLANIF10 on the same network segment, ServerB and VLANIF20 on the same network segment, and ServerA and ServerB on the same network segment.

Figure 6-14 Networking diagram for configuring routed proxy ARP

ServerA sends an ARP Request packet, requesting the MAC address of ServerB. After receiving the packet, Switch ModuleA uses its MAC address to reply the Request packet. ServerA then forwards data using the MAC address of Switch ModuleA.

IP addresses of the STAservers on a subnet have the same network ID. Therefore, the default gateway address does not need to be configured on the STAservers.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface interface-type interface-number

    The interface view is displayed.

  3. On an Ethernet interface, run:

    undo portswitch

    The interface is switched to Layer 3 mode.

    By default, an Ethernet interface works in Layer 2 mode.

    If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.

    NOTE:

    If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

  4. Run:

    ip address ip-address { mask | mask-length }

    IP addresses are configured for interfaces.

    The IP address configured for the interface enabled with routed proxy ARP must be on the same network segment as the IP address of the connected server on a LAN.

  5. Run:

    arp proxy enable

    Routed proxy ARP is enabled on the interface.

    By default, routed proxy ARP is disabled on an interface.

    After proxy ARP is enabled, the aging time of ARP entries on servers should be shortened so that invalid ARP entries can be deleted as soon as possible. The number of packets received but cannot be forwarded by the device is decreased.

  6. Run:

    commit

    The configuration is committed.

Checking the Configuration
  • Run the display this command in the interface view to check whether routed proxy ARP is enabled.
Configuring Intra-VLAN Proxy ARP

Context

If two servers belong to the same VLAN but are isolated, enable intra-VLAN proxy ARP on an interface to allow the servers to communicate.

As shown in Figure 6-15, ServerA and ServerB connect to Switch ModuleA. The two interfaces that connect ServerA and ServerB to Switch ModuleA belong to VLAN10.

Figure 6-15 Intra-VLAN proxy ARP application

ServerA and ServerB cannot communicate at Layer 2 because interface isolation in a VLAN is configured on Switch ModuleA.

To solve this problem, enable intra-VLAN proxy ARP on the interfaces of Switch ModuleA. After an interface of Switch ModuleA receives an ARP Request packet whose destination address is not its own address, Switch ModuleA does not discard the packet but searches for the ARP entry. If the ARP entry matching ServerB exists, Switch ModuleA sends its MAC address to ServerA and forwards packets sent from ServerA to ServerB. Switch ModuleA functions as the proxy of ServerB.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface interface-type interface-number

    The interface view is displayed.

  3. Run:

    arp proxy intra-vlan enable

    Intra-VLAN proxy ARP is enabled.

    By default, intra-VLAN proxy ARP is disabled.

  4. Run:

    commit

    The configuration is committed.

Checking the Configuration
  • Run the display this command in the VLANIF interface view to check whether Intra-VLAN proxy ARP is enabled.
Configuring Inter-VLAN Proxy ARP

Context

If two servers belong to different VLANs, enable inter-VLAN proxy ARP on interfaces to implement Layer 3 communication between the two servers.

As shown in Figure 6-16, ServerA and ServerB connect to Switch ModuleA. Interfaces that connect ServerA and ServerB to Switch ModuleA belong to VLAN10 and VLAN20 respectively.

Figure 6-16 Inter-VLAN proxy ARP application

Interfaces connecting ServerA and ServerB to Switch ModuleA belong to different VLANs. Therefore, ServerA and ServerB cannot communicate at Layer 2.

To solve this problem, inter-VLAN proxy ARP needs to be enabled on interfaces of Switch ModuleA. After an interface of Switch ModuleA receives an ARP Request packet whose destination address is not its own address, Switch ModuleA does not discard the packet but searches for the ARP entry. If the ARP entry matching ServerB exists, Switch ModuleA sends its MAC address to ServerA and forwards packets sent from ServerA to ServerB. Switch ModuleA functions as the proxy of HOSTB.

Inter-VLAN proxy ARP implements the following functions:

  • Allows users in different VLANs to communicate at Layer 3.

  • Allows users in different sub-VLANs to communicate. You need to enable inter-VLAN proxy ARP on the VLANIF interface of the super-VLAN.

Procedure

  1. Run:

    system-view

    Enter the system view.

  2. Run:

    interface interface-type interface-number

    The interface view is displayed.

  3. Run:

    arp proxy inter-vlan enable

    Inter-VLAN proxy ARP is enabled.

    By default, inter-VLAN proxy ARP is disabled.

  4. Run:

    commit

    The configuration is committed.

Checking the Configuration
  • Run the display this command in the VLANIF interface view to check whether Inter-VLAN proxy ARP is enabled.

Configuring the Fast ARP Reply Function

A device that functions as a gateway can have the fast ARP reply function configured so that it can fast respond to ARP Request packets.

Pre-configuration Tasks

Before configuring the fast ARP reply function, complete the following task:

  • Setting link layer protocol parameters for interfaces to ensure that the link layer protocol status of the interfaces is Up
Procedure
  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    undo arp fast-reply disable

    The fast ARP reply function is enabled.

    By default, the fast ARP reply function is enabled.

  3. Run:

    commit

    The configuration is committed.

Check the Configuration
  • Run the display current-configuration | include fast-reply command to check the fast ARP reply configuration.

Configuring Layer 2 Proxy ARP

Layer 2 proxy ARP can effectively isolate broadcast domains and reduce the impact of ARP broadcast messages on the network.

Pre-configuration Tasks

Before configuring Layer 2 proxy ARP, complete the following tasks:

Configuring link layer protocol parameters for interfaces to ensure that the link layer protocol on the interfaces is Up

Configuration Procedures
Figure 6-17 Flowchart of configuring Layer 2 proxy ARP

(Optional) Enabling DHCP Snooping
Background Information

DHCP snooping monitors Layer 2 DHCP services. Devices use DHCP snooping to monitor DHCP-REQUEST messages sent by the client and DHCP-ACK messages received by the trusted interface and sets up DHCP snooping entries that record clients' information. The information includes MAC addresses of clients, IP addresses obtained, interfaces connected to DHCP clients, and VLANs that the interfaces belong to.

Layer 2 proxy ARP entries can be either DHCP snooping entries or ARP snooping entries,
  • If DHCP snooping is enabled, Layer 2 proxy ARP entries are DHCP snooping entries and ARP snooping entries.

  • If DHCP snooping is disabled, Layer 2 proxy ARP entries are only ARP snooping entries.

Procedure

  • Enabling DHCP snooping in the VLAN view
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      dhcp enable

      DHCP is enabled globally.

      By default, DHCP is disabled globally.

    3. Run:

      dhcp snooping enable

      DHCP snooping is enabled globally.

      By default, DHCP snooping is disabled globally.

    4. Run:

      vlan vlan-id

      The VLAN view is displayed.

    5. Run:

      dhcp snooping enable

      DHCP snooping is enabled in a VLAN.

      By default,DHCP snooping is disabled in a VLAN.

    6. Run:

      quit

      Return to the system view.

    7. (Optional) Run:

      1. Run:

        interface interface-type interface-number

        The interface view is displayed.

      2. Run:

        dhcp snooping disable

        DHCP snooping is disabled for an inteface in the VLAN.

    8. Run:

      commit

      The configuration is committed.

  • Enabling DHCP snooping in the interface view
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      dhcp enable

      DHCP is enabled globally.

      By default, DHCP is disabled globally.

    3. Run:

      dhcp snooping enable

      DHCP snooping is enabled globally.

      By default, DHCP snooping is disabled globally.

    4. Run:

      interface interface-type interface-number

      The interface view is displayed.

    5. Run:

      dhcp snooping enable

      DHCP snooping is enabled on an interface.

      By default, DHCP snooping is disabled on an interface.

    6. Run:

      commit

      The configuration is committed.

Enabling Layer 2 Proxy ARP

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    vlan vlan-id

    The VLAN view is displayed.

  3. Run:

    arp l2-proxy enable

    Layer 2 proxy ARP is enabled.

    By default, Layer 2 proxy ARP is disabled.

    NOTE:

    When Layer 2 proxy ARP is enabled, ARP snooping is automatically enabled and sets up ARP snooping entries recording senders' information by means of monitoring ARP messages. When most network users obtain IP addresses using DHCP, to avoid proxy reply errors from fake ARP snooping entries generated by the bogus ARP messages that network attackers send, it is recommended that users disable the learning function in the VLAN view of ARP snooping entries running the arp l2-proxy learning dynamic-user disable command.

  4. Run:

    commit

    The configuration is committed.

(Optional) Configuring User-isolate Interfaces
Background Information

On a network an intermediate device is deployed between hosts and your device, if two hosts have the same matching interface in the DHCP snooping binding table, the device considers that these two hosts can directly communicate, so that your device will discard the received ARP request packets. However, if the interface isolation function has been configured on the intermediate device, the hosts will fail to communicate with each other.

This problem can be resolved by configuring the interface as a user-isolate interface. After the interface is configured as a user-isolate interface, the device will implement the Layer-2 proxy ARP function so that the hosts can communicate with each other.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface interface-type interface-number

    The interface view is displayed.

  3. Run:

    arp l2-proxy user-isolate-port

    The interface is configured as a user-isolate interface.

    By default, no user-isolate interface is configured.

  4. Run:

    commit

    The configuration is committed.

(Optional) Configure the Maximum Number of ARP Snooping Entries
Background Information

Configure the maximum number of ARP snooping entries so that the entries will not consume excessive system resources. This ensures normal running of services.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    vlan vlan-id

    The VLAN view is displayed.

  3. Run:

    arp l2-proxy max-user max-number

    The maximum number of ARP snooping entries is configured.

    By default, the maximum number is 2000.

  4. Run:

    commit

    The configuration is committed.

(Optional) Configure the Aging Time of ARP Snooping Entries
Background Information

Configure the aging time of ARP snooping entries to avoid entry resources consumption when users are offline. This ensures that new online users' ARP snooping entries can be generated normally.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    vlan vlan-id

    The VLAN view is displayed.

  3. Run:

    arp l2-proxy timeout timeout

    The aging time of ARP snooping entries is configured.

    By default, the aging time is 900 seconds.

  4. Run:

    commit

    The configuration is committed.

Checking the Configuration

Procedure

  • Run the display arp l2-proxy vlan vlan-id [ ip ip-address | conflict user ] command to check the learned Layer 2 proxy ARP entries in the VLAN.

Configuring Egress ARP Inspection

Egress ARP inspection enables the switch modules to restrict the scope of ARP packet forwarding. This function prevents broadcast of ARP packets in a VLAN and reduces the traffic volume in the VLAN.

Context

As shown in Figure 6-18, SwitchB is located between DHCP server and user hosts. All the user hosts belong to VLAN 2 and obtain IP addresses through DHCP.

Figure 6-18 EAI networking

If SwitchB broadcasts ARP Request packets in the VLAN, the traffic volume in the VLAN increases. To reduce network loads in the VLAN, enable EAI in this VLAN on SwitchB. Before enabling EAI in a VLAN, run the dhcp snooping enable command to enable DHCP snooping globally.

After EAI is enabled, the switch modules matches destination IP addresses of received ARP Request packets with dynamic binding entries generated by DHCP snooping to determine outbound interfaces for the packets. If the destination IP address of an ARP Request packet matches a dynamic binding entry, the switch modules sends the packet to the outbound interface specified in the binding entry. If the outbound interface is the same as the inbound interface of the ARP Request packet, the switch modules discards the packet. If the destination IP address matches no binding entry, the switch modules processes the packet as follows:
  • If the ARP Request packet is sent from a trusted interface, the switch modules forwards the packet to other trusted interfaces. If there is no other trusted interface, the switch modules discards the packet.

  • If the ARP Request packet is sent from an untrusted interface, the switch modules forwards the packet to the trusted interface.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    vlan vlan-id

    The VLAN view is displayed.

  3. Run:

    dhcp snooping arp security enable

    EAI is enabled in the VLAN.

    By default, EAI is disabled.

    NOTE:

    After EAI is enabled, the switch modules sends all the received ARP Request packets to the CPU for software forwarding, which degrades the ARP packet forwarding performance.

    EAI and MAC-forced forwarding (MFF) cannot be configured in the same VLAN because the two functions use mutually exclusive ARP mechanisms. MFF uses the proxy ARP mechanism, whereas EAI forwards ARP Request packets.

    EAI cannot be configured in the super-VLAN.

  4. Run:

    commit

    The configuration is committed.

Configuring the EVN Network to Send Gateway Detection Packets Using a Virtual IP Address

You can configure the EVN network to send gateway detection packets using a virtual IP address, optimizing the virtual migration paths.

Procedure

  • Perform the following operations on the gateways.

    • System view

      1. Run:

        system-view

        The system view is displayed.

      2. Run:

        arp detect virtual-ip

        The device is configured to use a virtual IP address to send gateway detection packets.

      3. Run:

        commit

        The configuration is committed.

    • Interface view

      1. Run:

        system-view

        The system view is displayed.

      2. Run:

        interface interface-type interface-number

        The interface view is displayed.

      3. Run:

        arp detect virtual-ip

        The interface is configured to use a virtual IP address to send gateway detection packets.

      4. Run:

        commit

        The configuration is committed.

Configuring ARP-Ping

ARP-Ping includes ARP-Ping IP and ARP-Ping MAC. ARP-Ping sends ARP Request packets or ICMP Echo Request packets to check whether a specified IP address or MAC address is used.

Pre-configuration Tasks

Before configuring ARP-Ping, complete the following task:

  • Configuring link layer protocol parameters and IP addresses for interfaces to ensure that the link layer protocol status of the interfaces is Up.

Configuring ARP-Ping IP

Context

ARP-Ping IP sends ARP packets onto a LAN to check whether an IP address is being used by another device on the LAN.

The ping command can also check whether an IP address is in use. If the destination host or the switch modules configured with the firewall function are configured not to reply to ping packets, there is no response to the ping packet. Consequently, the IP address is considered unused. ARP is a Layer 2 protocol. In most cases, ARP packets can pass through the firewall that is disabled from replying to the Ping packets to prevent the preceding situation.

Procedure

  • Run:

    ping arp ip ip-address [ interface interface-type interface-number [ vlan-id vlan-id ] ] [ timeout timeout ]

    Check whether the IP address is used.

    • If the following information is displayed, the IP address is not used.

      <HUAWEI> ping arp ip 110.1.1.2
       ARP-Pinging 110.1.1.2:
      
      Error: Request timeout.
      Error: Request timeout.
      Error: Request timeout.
      Info: The IP address is not used by anyone.
    • If the following information is displayed, the IP address is used.

      <HUAWEI> ping arp ip 128.1.1.1
       ARP-Pinging 128.1.1.1:
      
      128.1.1.1 is used by 00e0-517d-f202       

Configuring ARP-Ping MAC

Context

When you know a specific MAC address but not the corresponding IP address on a network segment, you can obtain the corresponding IP address using the ping arp mac command to send ICMP packets. In this way, you can obtain the IP address mapping the MAC address.

Procedure

  • Run:

    ping arp mac mac-address { ip-address [ vpn-instance vpn-instance-name ] | interface interface-type interface-number }

    Check whether the MAC address is used.

    • If the following information is displayed, the MAC address is not used.

      <HUAWEI> ping arp mac 286e-d488-b6a7 interface vlanif 109
        OutInterface: Vlanif109 MAC[28-6E-D4-88-B6-A7], press CTRL_C to break         
      Error: Request timeout.                                                       
      Error: Request timeout.                                                       
      Error: Request timeout.                                                       
          ----- ARP-Ping MAC statistics -----                                         
          3 packet(s) transmitted                                                     
          0 packet(s) received                                                        
          MAC[28-6E-D4-88-B6-A7]  not be used 
    • If the following information is displayed, it means that the MAC address is used.

      <HUAWEI> ping arp mac 006d-8834-ae00 200.201.65.174
        LANIP: 200.201.65.174 MAC[00-6D-88-34-AE-00], press CTRL_C to break                                                               
          ----- ARP-Ping MAC statistics -----                                                                                             
          1 packet(s) transmitted                                                                                                         
          1 packet(s) received                                                                                                            
                                                                                                                                          
          IP ADDRESS                MAC ADDRESS                                                                                           
          200.201.65.174            00-6D-88-34-AE-00 

Configuring the function to detect IP address conflicts

After the function to detect IP address conflicts is enabled, the device will detect the IP address conflicts by ARP packets.

Context

When an IP address conflict occurs between network devices, it causes high CPU usage and route flapping. User services will be affected and even interrupted.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    arp ip-conflict-detect enable

    The function to detect IP address conflicts is enabled.

    By default, the function to detect IP address conflicts is disabled.

  3. Run:

    commit

    The configuration is committed.

Translation
Download
Updated: 2019-08-09

Document ID: EDOC1000041694

Views: 59178

Downloads: 3623

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next