
Command Reference

CloudEngine 8800, 7800, 6800, and 5800 V200R002C50

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
ARP Configuration Commands

NOTE:

The CE6810LI does not support IPv4 Layer 3 forwarding. After the IPv4 function is enabled on an interface of the CE6810LI, the configured IPv4 address can only be used to manage the switch.

arp constant-send enable

Function

The arp constant-send enable command enables the device to send ARP packets at a constant rate.

The undo arp constant-send enable command restores the default setting.

By default, the device is not enabled to send ARP packets at a constant rate.

Format

arp constant-send enable

undo arp constant-send enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

By default, a device broadcasts ARP aging probe and Miss messages at varied rates. If the number of ARP packets received by the peer device exceeds its processing capability, packets may be lost and services may be affected. To resolve the problem, run the arp constant-send enable command to enable the device to send ARP packets at a constant rate. Then, run the arp constant-send maximum command to set a proper constant rate as needed.

Example

# Enable the device to send ARP packets at a constant rate.

<HUAWEI> system-view
[~HUAWEI] arp constant-send enable

arp constant-send maximum

Function

The arp constant-send maximum command sets a constant rate for a device to send ARP packets.

The undo arp constant-send maximum command restores the default setting.

By default, the device sends 5 packets per 10 ms.

Format

arp constant-send maximum maximum-value

undo arp constant-send maximum [ maximum-value ]

Parameters

Parameter Description Value
maximum-value Specifies a constant rate at which ARP packets are sent. Specifically, this parameter indicates the number of ARP packets that the device can send per 10 ms.

The value is an integer ranging from 1 to 10.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After a device is enabled to send ARP packets at a constant rate, the device sends 5 ARP packets every 10 ms by default. To adjust the constant rate, run the arp constant-send maximum command. A proper constant rate can help prevent services from being affected on the peer device.

Prerequisites

The arp constant-send enable command has been run to enable the device to send ARP packets at a constant rate.

Precautions

The default setting is recommended.

Example

# Set the constant rate for sending ARP packets to 8 packets per 10 ms.

<HUAWEI> system-view
[~HUAWEI] arp constant-send maximum 8

arp detect interval

Function

The arp detect interval command sets the aging probe interval of dynamic Address Resolution Protocol (ARP) entries.

The undo arp detect interval command restores the default setting.

By default, the aging probe interval of dynamic ARP entries is 5 seconds.

Format

arp detect interval detect-interval

undo arp detect interval

Parameters

Parameter Description Value
detect-interval Specifies the aging probe interval of dynamic ARP entries. The value is an integer ranging from 1 to 5, in seconds.

Views

System view, Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To set the aging probe interval of dynamic ARP entries, run the arp detect interval detect-interval command. Before aging a dynamic ARP entry, the system initiates detection. If the system does not receive any response within the detection interval, the system deletes the entry.

Configuration Impact

After the aging probe interval of dynamic ARP entries is set, the system detects dynamic ARP entries at this interval before aging the entries.

Precautions

The arp detect interval command can be used only on main interfaces and not sub-interfaces. In addition, the value obtained by multiplying the aging probe times by the aging probe interval must be smaller than the aging time of entries.

Example

# Set the aging probe interval to 3 seconds for dynamic ARP entries on 10GE 1/0/1.

<HUAWEI> system-view
[~HUAWEI] interface 10ge 1/0/1
[~HUAWEI-10GE1/0/1] undo portswitch
[*HUAWEI-10GE1/0/1] arp detect interval 3

arp detect mode unicast

Function

The arp detect mode unicast command configures an interface to send Address Resolution Protocol (ARP) aging probe messages in unicast mode.

The undo arp detect mode unicast command restores the default configuration.

By default, an interface sends the last ARP aging probe message in broadcast mode and the rest of the ARP aging probe messages in unicast mode.

Format

arp detect mode unicast

undo arp detect mode unicast

Parameters

None

Views

System view, Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Before aging ARP entries, an interface sends ARP aging probe messages at a specified aging probe interval. If responses are received, the device updates ARP entries on the interface. If no response is received for some ARP entries within a specified interval, the device ages these ARP entries. An aging probe message can be unicast or broadcast. To configure an interface to send aging probe messages in unicast mode, run the arp detect mode unicast command.

If a non-Huawei device receives an ARP aging probe message with the destination MAC address as the broadcast address from a Huawei switch, but the IP-MAC mapping of the Huawei switch already exists in its ARP table, the non-Huawei device discards the ARP aging probe message. Because the Huawei switch fails to receive a response to the ARP aging probe message, the Huawei switch deletes the corresponding ARP entry. As a result, the traffic from the network side is interrupted. To resolve this problem, the Huawei switch must be configured to send ARP aging probe messages in unicast mode, and non-Huawei devices must be able to respond to unicast ARP aging probe messages.

Precautions

If the IP address of the peer device remains the same but the MAC address changes frequently, configuring an interface to send ARP aging probe messages in broadcast mode is recommended.

If the MAC address of the peer device remains the same, the network bandwidth is insufficient, and the aging time of ARP entries is set to a small value, configuring an interface to send ARP aging probe messages in unicast mode is recommended.

Example

# Configure an interface to send ARP aging probe messages in unicast mode.

<HUAWEI> system-view
[~HUAWEI] interface 10ge 1/0/1
[~HUAWEI-10GE1/0/1] undo portswitch
[*HUAWEI-10GE1/0/1] arp detect mode unicast

arp detect times

Function

The arp detect times command sets the aging probe times of dynamic Address Resolution Protocol (ARP) entries.

The undo arp detect times command restores the default setting.

By default, the aging probe times of dynamic ARP entries is 3.

Format

arp detect times detect-times

undo arp detect times

Parameters

Parameter Description Value
detect-times Specifies the aging probe times of dynamic ARP entries. The value is an integer ranging from 0 to 10.

Views

System view, Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To set the aging probe times of dynamic ARP entries, run the arp detect times detect-times command. This reduces address resolution errors. Before aging a dynamic ARP entry, the system sends probe messages. If the system fails to receive any response for a specified number of times, the system deletes the ARP entry.

Precautions

If detect-times is set to 0, dynamic ARP entries are aged directly without detection.

Example

# Set the aging probe times to 5 for dynamic ARP entries on 10GE 1/0/1.

<HUAWEI> system-view
[~HUAWEI] interface 10ge 1/0/1
[~HUAWEI-10GE1/0/1] undo portswitch
[*HUAWEI-10GE1/0/1] arp detect times 5

arp fast-reply disable

Function

The arp fast-reply disable command disables the fast ARP reply function.

The undo arp fast-reply disable command enables the fast ARP reply function.

By default, the fast ARP reply function is enabled.

Format

arp fast-reply disable

undo arp fast-reply disable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A device that functions as an access gateway needs to process a large number of ARP Request packets, which slows down the response speed of the device. You can run the undo arp fast-reply disable command to enable the fast ARP reply function. After this function is enabled, the device can fast respond to ARP Request packets.

Precautions

By default, the fast ARP reply function is enabled. After a device receives an ARP Request packet, the device checks whether an ARP entry corresponding to the source IP address of the ARP Request packet exists.
  • If the ARP entry exists, the device fast responds to the ARP Request packet. Rate limit does not take effect on the ARP packet.
  • If no such ARP entry exists, the device does not fast respond to the ARP Request packet. Rate limit takes effect on the ARP packet.

For tunnel-encapsulated packets, the device can only fast respond to ARP Request packets with VXLAN tunnel encapsulation, and cannot fast respond to ARP Request packets with other tunnel encapsulations.

Example

# Enable the fast ARP reply function.
<HUAWEI> system-view
[~HUAWEI] undo arp fast-reply disable

# Disable the fast ARP reply function.

<HUAWEI> system-view
[~HUAWEI] arp fast-reply disable

arp ip-conflict-detect enable

Function

The arp ip-conflict-detect enable command enables IP address conflict detection.

The undo arp ip-conflict-detect enable command disables IP address conflict detection.

By default, IP address conflict detection is disabled.

Format

arp ip-conflict-detect enable

undo arp ip-conflict-detect enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

When a device receives non-gratuitous Address Resolution Protocol (ARP) messages, it checks the IP addresses carried in the ARP messages. The device concludes that IP address conflicts exist on the network if any of the following conditions are met:
  • Local IP conflict occurs between a local device and another device. Specifically, a local device receives an ARP message whose source IP address is the same as that of the interface receiving the message but whose MAC address is different.

  • Remote IP conflict occurs between devices and users attached to a local access device. Specifically, a local access device receives an ARP message whose source IP address is the same as that of an ARP entry on the device but whose MAC address is different.

When an IP address conflict occurs between network devices, it causes high CPU usage and route flapping. User services will be affected and even interrupted.

To better manage device addresses and rapidly locate a fault causing an IP address conflict, run the arp ip-conflict-detect enable command in the system view to enable IP address conflict detection.

Example

# Enable IP address conflict detection.

<HUAWEI> system-view
[~HUAWEI] arp ip-conflict-detect enable
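
The two conflict conditions in the usage guidelines above, written as a classifier. This is an added example, not Huawei code or output: the ArpMessage fields, the function names and all addresses are constructed for illustration, and only non-gratuitous messages are checked because those are the ones the guidelines describe.

```python
# Added example: local vs. remote IP conflict, as described in the usage
# guidelines, applied to constructed ARP messages. Not device code.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ArpMessage:
    in_interface: str  # interface the message arrived on
    sender_ip: str     # source IP address carried in the ARP message
    sender_mac: str    # source MAC address carried in the ARP message
    target_ip: str     # IP address being resolved


def norm_mac(mac: str) -> str:
    """Reduce '00e0-fc00-0001' or '00:e0:fc:00:00:01' to 12 hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def classify(msg: ArpMessage,
             interfaces: Dict[str, Tuple[str, str]],
             arp_table: Dict[str, str]) -> Optional[str]:
    """Return 'local', 'remote' or None for one received ARP message."""
    if msg.sender_ip == msg.target_ip:
        return None  # gratuitous ARP: outside the check described above
    seen = norm_mac(msg.sender_mac)

    # Local conflict: same source IP as the receiving interface, other MAC.
    local = interfaces.get(msg.in_interface)
    if local is not None:
        local_ip, local_mac = local
        if msg.sender_ip == local_ip and seen != norm_mac(local_mac):
            return "local"

    # Remote conflict: same source IP as an existing ARP entry, other MAC.
    known = arp_table.get(msg.sender_ip)
    if known is not None and seen != norm_mac(known):
        return "remote"
    return None


def detect(messages: List[ArpMessage],
           interfaces: Dict[str, Tuple[str, str]],
           arp_table: Dict[str, str]) -> List[Tuple[str, str, str, str]]:
    """Collect (kind, ip, offending_mac, interface) for every conflict."""
    findings = []
    for msg in messages:
        kind = classify(msg, interfaces, arp_table)
        if kind is not None:
            findings.append((kind, msg.sender_ip, msg.sender_mac,
                             msg.in_interface))
    return findings


# Constructed state: one Layer 3 interface and one learned ARP entry.
INTERFACES = {"10GE1/0/1": ("10.1.1.1", "00e0-fc00-0001")}
ARP_TABLE = {"10.1.1.20": "00e0-fc00-0020"}

# Constructed traffic.
SAMPLE_MESSAGES = [
    # Known host, matching MAC: no conflict.
    ArpMessage("10GE1/0/1", "10.1.1.20", "00e0-fc00-0020", "10.1.1.1"),
    # Another station claims the interface's own IP address: local conflict.
    ArpMessage("10GE1/0/1", "10.1.1.1", "00e0-fc00-00aa", "10.1.1.20"),
    # Same MAC as the ARP entry, written in colon notation: no conflict.
    ArpMessage("10GE1/0/1", "10.1.1.20", "00:e0:fc:00:00:20", "10.1.1.1"),
    # Known IP address announced with a different MAC: remote conflict.
    ArpMessage("10GE1/0/1", "10.1.1.20", "00e0-fc00-00bb", "10.1.1.1"),
    # Gratuitous ARP (sender IP equals target IP): not evaluated here.
    ArpMessage("10GE1/0/1", "10.1.1.20", "00e0-fc00-00cc", "10.1.1.20"),
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_MESSAGES, INTERFACES, ARP_TABLE):
        print(finding)
```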

arp learning on-different-segment disable

Function

The arp learning on-different-segment disable command disables the function of learning ARP entries on different network segments.

The undo arp learning on-different-segment disable command enables the function of learning ARP entries on different network segments.

By default, the function of learning ARP entries on different network segments is enabled.

Format

arp learning on-different-segment disable

undo arp learning on-different-segment disable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

By default, the main physical interface of a device supports the function of learning ARP entries of IP addresses on different network segments, and the routed ARP proxy can access devices on different network segments. This function is by default disabled on logical interfaces and sub-interfaces. The process of learning ARP entries of IP addresses on different network segments is as follows: A device sends an ARP broadcast request packet on the network segment. Upon receipt of the ARP response packet by the routed ARP proxy, the device learns ARP entries, instead of checking the source IP address in the ARP response packets.

This, however, may expose the device to risks. For example, if a network attacker on the same network segment sends a large number of ARP request packets based on a false source IP address, ARP entries of the device may be used up.

To ensure service access and network security, run the arp learning on-different-segment disable command to disable the function of learning ARP entries on different network segments.

Configuration Impact

After the arp learning on-different-segment disable command is run, the device cannot learn ARP entries of the IP addresses on different network segments. However, the ARP entries of the IP addresses on different network segments that were learned before this configuration are still valid until the aging period of ARP entries ends.

Example

# Disable the function of learning ARP entries on different network segments.

<HUAWEI> system-view
[~HUAWEI] arp learning on-different-segment disable

arp l2-proxy enable

Function

The arp l2-proxy enable command enables Layer 2 proxy Address Resolution Protocol (ARP).

The undo arp l2-proxy enable command disables Layer 2 proxy ARP.

By default, Layer 2 proxy ARP is disabled.

NOTE:
CE6880EI does not support the command.

Format

arp l2-proxy enable

undo arp l2-proxy enable

Parameters

None

Views

VLAN view, or VLAN-Range view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After receiving an ARP request message, the device broadcasts the message in its broadcast domain. If the device receives a large number of ARP request messages in a short period of time and broadcasts the messages, excessive ARP request messages are forwarded in the broadcast domain. As a result, the bandwidth is wasted, and traffic congestion may occur.

To resolve this problem, run the arp l2-proxy enable command to enable Layer 2 proxy ARP on the device. After receiving an ARP request message, the device checks whether the destination IP address in the message matches an ARP entry. If a matching ARP entry is found, the device sends an ARP reply message with the MAC address of the destination. If no matching ARP entry is found, the device discards the message.

Precautions

Layer 2 proxy ARP can only be deployed based on VLANs, but cannot be deployed on the following VLANs:
  • Aggregated VLAN
  • VLAN for which a VLANIF interface has been configured

Example

# Enable VLAN-based Layer 2 proxy ARP.
<HUAWEI> system-view
[~HUAWEI] vlan 10
[*HUAWEI-vlan10] arp l2-proxy enable

arp l2-proxy learning dynamic-user disable

Function

The arp l2-proxy learning dynamic-user disable command disables Address Resolution Protocol (ARP) snooping binding entry learning.

The undo arp l2-proxy learning dynamic-user disable command enables ARP snooping binding entry learning.

By default, ARP snooping binding entry learning is enabled.

NOTE:
CE6880EI does not support the command.

Format

arp l2-proxy learning dynamic-user disable

undo arp l2-proxy learning dynamic-user disable

Parameters

None

Views

VLAN view, or VLAN-Range view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After Layer 2 proxy ARP is enabled, ARP snooping is automatically enabled. The device creates ARP snooping binding entries by listening to ARP messages. When user IP addresses are assigned by the DHCP server, the device creates a DHCP snooping binding table by intercepting DHCP messages. If attackers send a large number of fake ARP messages, the device creates incorrect entries in the ARP snooping binding table. As a result, the information in the ARP snooping binding table differs from that in the DHCP snooping binding table. Because the device performs ARP proxy based on the DHCP snooping binding table or ARP snooping binding table, Layer 2 ARP proxy is affected. To resolve this problem, run the arp l2-proxy learning dynamic-user disable command to disable ARP snooping binding entry learning.

Configuration Impact

After the arp l2-proxy learning dynamic-user disable command is run, the device cannot create ARP snooping binding entries for authorized users. If user addresses are not assigned by the DHCP server, Layer 2 ARP proxy cannot be implemented.

Prerequisites

Layer 2 proxy ARP has been enabled using the arp l2-proxy enable command.

Example

# Disable ARP snooping binding entry learning for VLAN 10.

<HUAWEI> system-view
[~HUAWEI] vlan 10
[*HUAWEI-vlan10] arp l2-proxy learning dynamic-user disable
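
A check an operator can run before disabling learning, as an added example that is not Huawei code: it compares the ARP snooping binding table with the DHCP snooping binding table and lists the entries that disagree, plus the entries that exist only through ARP learning and would lose Layer 2 proxy ARP once learning is disabled. The Binding fields, function names and table contents are constructed; real tables would be exported from the device in whatever format it provides.

```python
# Added example: find where the ARP snooping binding table disagrees with
# the DHCP snooping binding table. All entries below are constructed.
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Binding:
    vlan: int
    ip: str
    mac: str
    interface: str


def _mac(mac: str) -> str:
    """Compare MAC addresses independently of separator and case."""
    return mac.lower().replace("-", "").replace(":", "").replace(".", "")


def compare_tables(arp_snooping: List[Binding],
                   dhcp_snooping: List[Binding]) -> List[Tuple[str, Binding]]:
    """Label every ARP snooping entry that the DHCP table does not confirm.

    'mac-mismatch'       same VLAN and IP, different MAC (the symptom the
                         usage scenario attributes to fake ARP messages)
    'interface-mismatch' same VLAN, IP and MAC, seen on another interface
    'arp-only'           no DHCP binding at all: either a user whose address
                         was not assigned by DHCP, or a fake entry
    """
    reference = {(b.vlan, b.ip): b for b in dhcp_snooping}
    findings = []
    for entry in arp_snooping:
        ref = reference.get((entry.vlan, entry.ip))
        if ref is None:
            findings.append(("arp-only", entry))
        elif _mac(ref.mac) != _mac(entry.mac):
            findings.append(("mac-mismatch", entry))
        elif ref.interface != entry.interface:
            findings.append(("interface-mismatch", entry))
    return findings


def relies_on_arp_learning(arp_snooping: List[Binding],
                           dhcp_snooping: List[Binding]) -> List[Binding]:
    """Entries that would have no binding after learning is disabled."""
    return [entry for kind, entry in compare_tables(arp_snooping,
                                                    dhcp_snooping)
            if kind == "arp-only"]


# Constructed DHCP snooping bindings for VLAN 10.
DHCP_TABLE = [
    Binding(10, "10.10.10.11", "00e0-fc00-0011", "10GE1/0/1"),
    Binding(10, "10.10.10.12", "00e0-fc00-0012", "10GE1/0/2"),
]

# Constructed ARP snooping bindings for the same VLAN.
ARP_SNOOPING_TABLE = [
    # Agrees with DHCP.
    Binding(10, "10.10.10.11", "00e0-fc00-0011", "10GE1/0/1"),
    # Same IP as a DHCP client, different MAC.
    Binding(10, "10.10.10.12", "00e0-fc00-00ee", "10GE1/0/3"),
    # No DHCP binding: needs manual review before learning is disabled.
    Binding(10, "10.10.10.50", "00e0-fc00-0050", "10GE1/0/4"),
]

if __name__ == "__main__":
    for kind, entry in compare_tables(ARP_SNOOPING_TABLE, DHCP_TABLE):
        print(kind, entry)
```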

arp l2-proxy max-user

Function

The arp l2-proxy max-user command sets the maximum number of Address Resolution Protocol (ARP) snooping binding entries.

The undo arp l2-proxy max-user command restores the default maximum number of ARP snooping binding entries.

By default, the maximum number of ARP snooping binding entries is 2000.

NOTE:
CE6880EI does not support the command.

Format

arp l2-proxy max-user max-number

undo arp l2-proxy max-user

Parameters

Parameter Description Value
max-number Specifies the maximum number of ARP snooping binding entries. The value is an integer ranging from 1 to 32768.

Views

VLAN view, or VLAN-Range view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After Layer 2 proxy ARP is enabled, ARP snooping is automatically enabled. The device creates ARP snooping binding entries by listening to ARP messages. If the device stores excessive ARP snooping binding entries, the CPU resources are wasted, affecting services. To resolve this problem, run the arp l2-proxy max-user command to set the maximum number of ARP snooping binding entries.

Prerequisites

Layer 2 proxy ARP has been enabled using the arp l2-proxy enable command.

Precautions

Set a proper maximum number of ARP snooping binding entries based on CPU resources and service requirements. Using the default maximum number of ARP snooping binding entries is recommended.

Example

# Set the maximum number of ARP snooping binding entries to 600 for VLAN 10.

<HUAWEI> system-view
[~HUAWEI] vlan 10
[*HUAWEI-vlan10] arp l2-proxy max-user 600

arp l2-proxy gateway-mac

Function

The arp l2-proxy gateway-mac command enables the gateway proxy function for an Address Resolution Protocol (ARP) proxy.

The undo arp l2-proxy gateway-mac command disables the gateway proxy function from an ARP proxy.

By default, the gateway proxy function is disabled from an ARP proxy.

NOTE:

Only the CE6850HI, CE6850U-HI, CE6851HI, CE6855HI, CE6856HI, CE6860EI, CE6870EI, CE6880EI, CE7850EI, CE7855EI, CE8850EI, and CE8860EI support the command.

Format

arp l2-proxy gateway-mac

undo arp l2-proxy gateway-mac

Parameters

None

Views

BD view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To improve network security and prevent Layer 2 users in a BD domain from communicating directly with each other, run the arp l2-proxy gateway-mac command to enable the gateway proxy function so that traffic can be diverted to the desired gateway.

Prerequisites

A Layer 3 BDIF interface exists in the BD domain. That is, a Layer 3 gateway exists.

ARP broadcast suppression has been enabled using the arp broadcast-suppress enable command.

Precautions

  • ARP broadcast suppression does not take effect and free ARP will be terminated after the gateway proxy function is enabled.
  • The tunnel-side ARP request packets do not use the gateway proxy function.

Example

# Enable the gateway proxy function on an ARP proxy.
<HUAWEI> system-view
[~HUAWEI] bridge-domain 10
[*HUAWEI-bd10] arp broadcast-suppress enable
[*HUAWEI-bd10] arp l2-proxy gateway-mac

arp l2-proxy timeout

Function

The arp l2-proxy timeout command sets the aging time of Address Resolution Protocol (ARP) snooping binding entries.

The undo arp l2-proxy timeout command restores the default aging time of ARP snooping binding entries.

By default, the aging time of ARP snooping binding entries is 900s.

NOTE:
CE6880EI does not support the command.

Format

arp l2-proxy timeout expire-time

undo arp l2-proxy timeout [ expire-time ]

Parameters

Parameter Description Value
expire-time Specifies the aging time of ARP snooping binding entries. The value is an integer ranging from 1 to 62640, in seconds.

Views

VLAN view, or VLAN-Range view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Each ARP snooping binding entry has a life cycle, called aging time. If an ARP snooping binding entry is not updated before its aging time expires, the entry will be deleted.

If the device stores a large number of ARP snooping binding entries, the CPU resources are wasted, and ARP snooping binding entries for new users cannot be generated. To resolve this problem, run the arp l2-proxy timeout command to set the aging time of ARP snooping binding entries.

Prerequisites

Layer 2 proxy ARP has been enabled using the arp l2-proxy enable command.

Precautions

Set the aging time for ARP snooping binding entries based on the networking requirement.
  • If the aging time of ARP snooping binding entries is too short, the device refreshes ARP snooping binding entries frequently, wasting CPU resources and affecting other services.
  • If the aging time of ARP snooping binding entries is too long, the device cannot refresh ARP snooping binding entries promptly and sends packets to the peer device based on the existing ARP snooping binding entries. As a result, services will be interrupted.
Using the default aging time of ARP snooping binding entries is recommended.

Example

# Set the aging time of ARP snooping binding entries to 600s.

<HUAWEI> system-view
[~HUAWEI] vlan 10
[*HUAWEI-vlan10] arp l2-proxy timeout 600

arp l2-proxy user-isolate-port

Function

The arp l2-proxy user-isolate-port command configures an interface as a user-isolate interface.

The undo arp l2-proxy user-isolate-port command restores a user-isolate interface to a normal interface.

By default, no user-isolate interface is configured.

NOTE:
CE6880EI does not support the command.

Format

arp l2-proxy user-isolate-port

undo arp l2-proxy user-isolate-port

Parameters

None

Views

Eth-Trunk interface view, GE interface view, 10GE interface view, 25GE interface view, 40GE interface view, 100GE interface view, or interface group view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The arp l2-proxy user-isolate-port command applies to a network on which an intermediate device is deployed between hosts and your device. If two hosts have the same matching interface in the DHCP snooping binding table, the device considers that these two hosts can directly communicate, so that your device will discard the received Address Resolution Protocol (ARP) request messages. However, if the Layer 2 interface isolation function has been configured on the intermediate device, the hosts will fail to communicate with each other.

To resolve this problem, run the arp l2-proxy user-isolate-port command on your device to configure an interface as a user-isolate interface to implement Layer 2 proxy ARP, so that hosts can communicate with each other.

Prerequisites

Layer 2 proxy ARP has been enabled using the arp l2-proxy enable command.

Example

# Configure 10GE 1/0/1 as a user-isolate interface.

<HUAWEI> system-view
[~HUAWEI] interface 10ge 1/0/1
[~HUAWEI-10GE1/0/1] undo portswitch
[*HUAWEI-10GE1/0/1] arp l2-proxy user-isolate-port

arp operation-failure record syslog

Function

The arp operation-failure record syslog command enables the switch to record a system log when an ARP entry fails to be delivered.

The undo arp operation-failure record syslog command disables the switch from recording a system log when an ARP entry fails to be delivered.

By default, the switch does not record a system log when an ARP entry fails to be delivered.

Format

arp operation-failure record syslog

undo arp operation-failure record syslog

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the arp operation-failure record syslog command to enable the switch to record a system log when an ARP entry fails to be delivered, facilitating maintenance and management.

Example

# Enable the switch to record a system log when an ARP entry fails to be delivered.

<HUAWEI> system-view
[~HUAWEI] arp operation-failure record syslog

arp proxy enable

Function

The arp proxy enable command enables routed proxy Address Resolution Protocol (ARP) on an interface.

The undo arp proxy enable command disables routed proxy ARP on an interface.

By default, routed proxy ARP is disabled on interfaces.

NOTE:

The CE6810LI does not support routed proxy ARP.

Format

arp proxy enable

undo arp proxy enable

Parameters

None

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When two hosts reside on different network segments and do not have default gateways configured, run the arp proxy enable command on the device that connects to the two hosts to enable routed proxy ARP. This configuration implements IP address resolution between the two hosts.

Precautions

The network IDs in the IP addresses of hosts on each subnet must be the same. The hosts do not need to have default gateways configured.

Example

# Enable routed proxy ARP on 10GE 1/0/1.

<HUAWEI> system-view
[~HUAWEI] interface 10ge 1/0/1
[~HUAWEI-10GE1/0/1] undo portswitch
[*HUAWEI-10GE1/0/1] arp proxy enable

arp proxy intra-vlan enable

Function

The arp proxy intra-vlan enable command enables intra-VLAN proxy Address Resolution Protocol (ARP).

The undo arp proxy intra-vlan enable command disables intra-VLAN proxy ARP.

By default, intra-VLAN proxy ARP is disabled.

NOTE:

The CE6810LI does not support intra-VLAN proxy ARP.

Format

arp proxy intra-vlan enable

undo arp proxy intra-vlan enable

Parameters

None

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If two hosts are within the same isolate-user-VLAN, communication between them on the Layer 2 network cannot be implemented. In this case, run the arp proxy intra-vlan enable command on the associated VLAN interface to enable intra-VLAN proxy ARP. This configuration implements communication between the hosts within an isolate-user-VLAN.

Prerequisites

Hosts that require communication are within the same VLAN, and it is an isolate-user-VLAN.

Example

# Enable intra-VLAN proxy ARP on a VLANIF interface.

<HUAWEI> system-view
[~HUAWEI] vlan 20
[*HUAWEI-vlan20] quit
[*HUAWEI] interface vlanif 20
[*HUAWEI-vlanif20] arp proxy intra-vlan enable

arp proxy inter-vlan enable

Function

The arp proxy inter-vlan enable command enables inter-VLAN proxy Address Resolution Protocol (ARP).

The undo arp proxy inter-vlan enable command disables inter-VLAN proxy ARP.

By default, inter-VLAN proxy ARP is disabled.

NOTE:

The CE6810LI does not support inter-VLAN proxy ARP.

Format

arp proxy inter-vlan enable

undo arp proxy inter-vlan enable

Parameters

None

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

By using VLANs, you can divide a network into different subnets, therefore dividing large broadcast domains into several small ones. This implements user isolation between VLANs, effectively limiting the scope of broadcast packets and improving network security.
  • To implement Layer 2 communication between different VLANs, you must enable inter-VLAN proxy ARP on the interface.

To enable inter-VLAN proxy ARP, run the arp proxy inter-vlan enable command.

Precautions

You must configure QinQ (Layer 2 encapsulation) on Ethernet sub-interfaces, GE sub-interfaces, and Eth-Trunk sub-interfaces to support inter-VLAN proxy ARP.

After inter-VLAN proxy ARP is enabled and packets are sent from different VLANs but do not have the corresponding ARP entries, ARP packets are replicated in all VLANs on the involved sub-interface. If a lot of VLANs are configured, a large number of ARP packets need to be replicated, causing heavy burden on the peer device and abnormalities (such as high CPU usage and broadcast suppression) on downstream devices. In addition, the local device may fail to send ARP packets in time due to the replication of a large number of packets, which may lead to ARP learning failures. Therefore, do not configure too many VLANs on an interface.

Example

# Enable inter-VLAN proxy ARP on a 10GE sub-interface.

<HUAWEI> system-view
[~HUAWEI] interface 10ge 1/0/1.3
[~HUAWEI-10GE1/0/1.3] arp proxy inter-vlan enable

arp resource-mode

Function

The arp resource-mode command configures the ARP resource allocation mode.

The undo arp resource-mode command restores the default ARP resource allocation mode.

By default, the ARP resource allocation mode is global mode.

Format

arp resource-mode { global | extend }

undo arp resource-mode { global | extend }

NOTE:

Only the CE6870EI supports this command.

Parameters

Parameter Description Value
global Specifies the global mode for ARP resource allocation. -
extend Specifies the extend mode for ARP resource allocation. -

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

For the device, learned ARP information is saved into EEDB entries of the chip. ARP resource allocation modes are classified depending on the mode in which ARP information is stored into EEDB entries:
  • global

    In Figure 8-1, the global mode indicates that ARP information is identified based on the key composed of the IP address, logical interface index, and physical interface index. ARP information is stored on all chips based on the same resource index, that is, ARP information stored on each chip is the same.

    In this mode, the maximum number of ARP resources of the device refers to that of the chip with minimum specifications among all chips.

    Figure 8-1  global mode
  • local

    In Figure 8-2, the local mode indicates that ARP information is identified based on the key composed of the IP address, logical interface index, and physical interface index. ARP information is stored only on the chip where the outbound interface is located, that is, ARP information stored on each chip is different.

    In local mode, the maximum number of ARP resources of the device is relevant to the chip where the outbound interface is located.
    • If all outbound interfaces corresponding to ARP information are located on the same chip, the maximum number of ARP resources of the device is that of the chip.
    • If all outbound interfaces corresponding to ARP information are located on different chips, the maximum number of ARP resources of the device is the sum of ARP resources of all chips.
    Figure 8-2  local mode
  • extend

    As shown in Figure 8-3, in extend mode ARP information is identified by a key composed of the highest 44 bits of a MAC address. ARP information is stored on all chips based on the same resource index, that is, the ARP information stored on each chip is the same. The difference between extend and global modes is that ARP information corresponding to contiguous MAC addresses is aggregated in extend mode. That is, ARP information with the same highest 44 bits of a MAC address corresponds to the same ARP resource.

    In extend mode, the maximum number of ARP resources of the device depends on whether MAC addresses are contiguous.
    • If the MAC addresses corresponding to ARP information are noncontiguous, the maximum number of ARP resources of the device is that of the chip with the minimum specifications among all chips.
    • If the MAC addresses corresponding to ARP information are contiguous, the maximum number of ARP resources of the device is that of the chip with the minimum specifications among all chips multiplied by 16.
    Figure 8-3  extend mode
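The aggregation rule described for extend mode can be checked against a planned address range before the mode is changed. The following Python example is added here and is not Huawei code: it groups MAC addresses, written in the H-H-H notation this reference uses, by their highest 44 bits. The address ranges are constructed, the chip limit passed to fits() is a hypothetical figure, and counting one global-mode resource per IP address assumes that all entries are on one interface.

```python
import re

MAC_BITS = 48
EXTEND_KEY_BITS = 44                              # from the page: highest 44 bits of the MAC
GROUP_SIZE = 1 << (MAC_BITS - EXTEND_KEY_BITS)    # 16 MACs share one extend-mode key

GROUP_RE = re.compile(r"[0-9A-Fa-f]{1,4}")


def parse_mac(text):
    """Parse H-H-H notation; short groups are left-padded with zeros (e0 -> 00e0)."""
    groups = text.strip().split("-")
    if len(groups) != 3 or not all(GROUP_RE.fullmatch(g) for g in groups):
        raise ValueError(f"not an H-H-H MAC address: {text!r}")
    return int("".join(g.zfill(4) for g in groups), 16)


def format_mac(value):
    """Render a 48-bit integer in the xxxx-xxxx-xxxx form shown by display arp."""
    digits = f"{value:012x}"
    return "-".join(digits[i:i + 4] for i in range(0, 12, 4))


def extend_key(mac):
    """Key used in extend mode: the MAC with its lowest 4 bits dropped."""
    return mac >> (MAC_BITS - EXTEND_KEY_BITS)


def resources_needed(entries, mode):
    """Count ARP resources for (ip, mac) pairs under the page's description of a mode."""
    if mode == "global":
        # Assumption: all entries are on one interface, so the IP alone distinguishes keys.
        return len({ip for ip, _ in entries})
    if mode == "extend":
        return len({extend_key(parse_mac(mac)) for _, mac in entries})
    raise ValueError(f"unknown mode: {mode!r}")


def fits(entries, chip_limit, mode):
    """True if the entries fit a chip with chip_limit ARP resources (hypothetical figure)."""
    return resources_needed(entries, mode) <= chip_limit


def mac_range(first_mac, count, step=1, ip_prefix="10.0.0."):
    """Build constructed (ip, mac) pairs starting at first_mac, step addresses apart."""
    start = parse_mac(first_mac)
    return [(f"{ip_prefix}{i + 1}", format_mac(start + i * step)) for i in range(count)]


# Constructed sample data, not taken from any device.
ALIGNED = mac_range("0001-0001-0000", 32)                     # two full groups of 16
MISALIGNED = mac_range("0001-0001-0008", 16)                  # contiguous, straddles a boundary
SCATTERED = mac_range("0001-0001-0000", 32, step=GROUP_SIZE)  # one MAC per group

if __name__ == "__main__":
    samples = (("aligned", ALIGNED), ("misaligned", MISALIGNED), ("scattered", SCATTERED))
    for name, sample in samples:
        print(name, resources_needed(sample, "global"), resources_needed(sample, "extend"))
```

The misaligned range shows that the factor of 16 is a best case: 16 contiguous MAC addresses that start in the middle of a group still occupy two resources.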

Precautions

  • If the extend mode is used for ARP resource allocation on the CE6870EI, the CAR value has an offset calculated as 5/(Packet length + 24), where the packet length is in bytes.

  • In the stack environment, the ARP extended mode conflicts with the traffic-policy { ipv4-enhance-mode | ipv6-enhance-mode } command.
  • In the stack environment, the ARP extended mode conflicts with the outbound MQC service that matches fragments, Layer 4 port number, or TCP flag but does not match IPv6 rules or execute the CAR action.
  • When the device is configured to use the enhanced mode during application of a traffic policy, the ARP resource allocation mode cannot be set to extend. If the ARP resource allocation mode cannot be set to extend, the device cannot be configured to use the enhanced mode during application of a traffic policy.

Follow-up Procedure

Run the save command to save the configuration and run the reboot command to restart the device to make the configuration take effect. If you do not run the two commands, packet forwarding may be abnormal.

Example

# Set the ARP resource allocation mode to extend mode.
<HUAWEI> system-view
[~HUAWEI] arp resource-mode extend

arp static

Function

The arp static command configures a static Address Resolution Protocol (ARP) entry.

The undo arp static command deletes a static ARP entry.

By default, no static ARP entry is configured.

Format

# Configure or delete a static ARP entry corresponding to the main interface.

arp static ip-address mac-address [ vpn-instance vpn-instance-name ]

undo arp static ip-address [ mac-address ] [ vpn-instance vpn-instance-name ]

# Configure or delete a short static ARP entry corresponding to a VLANIF interface.

arp static ip-address mac-address [ vpn-instance vpn-instance-name ]

undo arp static ip-address [ mac-address ] [ vpn-instance vpn-instance-name ]

# Configure or delete a long static ARP entry corresponding to a VLANIF interface.

arp static ip-address mac-address { vlan vlan-id [ interface interface-type interface-number ] | interface interface-type interface-number }

undo arp static ip-address [ mac-address ] { vlan vlan-id [ interface interface-type interface-number ] | interface interface-type interface-number }

# Configure or delete a static ARP entry corresponding to a Layer 2 sub-interface.

arp static ip-address mac-address { vlan vlan-id [ interface interface-type interface-number ] | interface interface-type interface-number }

undo arp static ip-address [ mac-address ] { vlan vlan-id [ interface interface-type interface-number ] | interface interface-type interface-number }

arp static ip-address mac-address vlan pevlan-id cevlan cevlan-id interface interface-type interface-number

undo arp static ip-address [ mac-address ] vlan pevlan-id cevlan cevlan-id interface interface-type interface-number

# Delete all the static ARP entries.

undo arp static all

# Delete all the static ARP entries in the specified VPN.

undo arp static vpn-instance vpn-instance-name

NOTE:
The vlan pevlan-id cevlan cevlan-id parameter only configures static ARP entries for QinQ Layer 2 sub-interfaces. Only the CE6850HI, CE6850U-HI, CE6851HI, CE6855HI, CE6856HI, CE6870EI, CE7850EI, CE7855EI, CE8850EI, and CE8860EI support this parameter.

Parameters

Parameter Description Value
ip-address Specifies the IP address of a static ARP entry. The value is in dotted decimal notation.
mac-address Specifies the MAC address of a static ARP entry. The value is a 12-digit hexadecimal number, in the format of H-H-H. Each H is 4 digits. If an H contains fewer than 4 digits, the left-most digits are padded with zeros. For example, e0 is displayed as 00e0.
vpn-instance vpn-instance-name Specifies the VPN instance of a static ARP entry. The value is a string of 1 to 31 case-sensitive characters, spaces not supported. In addition, the VPN instance name must not be _public_. When double quotation marks are used around the string, spaces are allowed in the string.
vlan vlan-id Specifies the VLAN ID corresponding to a static ARP entry. If this parameter is specified, the static ARP entry belongs to the specified VLAN. The value is an integer ranging from 1 to 4094.
vlan pevlan-id Specifies the outer VLAN ID corresponding to a static ARP entry. The value is an integer ranging from 1 to 4094.
cevlan cevlan-id Specifies the inner VLAN ID corresponding to a static ARP entry. The value is an integer ranging from 1 to 4094.
interface interface-type interface-number Specifies the interface that sends a static ARP message. -
all Indicates that all the static ARP entries are deleted. -

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To configure mapping between IP addresses and MAC addresses for security or management purposes, run the arp static command.

The IP and MAC address mapping in a static ARP entry is fixed. Neither the host nor the device can adjust the mapping. Static ARP entries remain valid when the routing device works normally.

You can configure static ARP entries in either of the following situations:
  • To allow packets whose destination IP addresses are not on a network segment to be forwarded by a certain gateway on the network segment.

  • To filter out packets with invalid destination IP addresses. These invalid IP addresses can be bound to a non-existent MAC address.

On a VXLAN, if the service access point is a Layer 2 sub-interface, you can configure the IP-to-MAC mapping on the access side and specify the interface interface-type interface-number parameter as a Layer 2 sub-interface. You can also specify the inner and outer VLAN IDs. Note the following configuration differences between the traffic encapsulation types for the Layer 2 sub-interface:
  • Dot1q traffic encapsulation type: You can specify the vlan vlan-id parameter whose value is consistent with encapsulation dot1q [ vid vid ].
  • QinQ traffic encapsulation type: You can specify the vlan pevlan-id cevlan cevlan-id parameter whose value is consistent with encapsulation qinq [ vid pe-vid ce-vid ce-vid ].

Configuration Impact

After a static ARP entry is configured, the ARP entry cannot be dynamically learned.

Precautions

ip-address specified in this command and the IP address of the outbound interface specified by interface must be on the same network segment.

Example

# Configure a static ARP entry with the IP address 10.0.0.1 mapped to the MAC address aa-fcc-12.
<HUAWEI> system-view
[~HUAWEI] arp static 10.0.0.1 aa-fcc-12
# Configure a static ARP entry with the IP address 1.1.1.2 mapped to the MAC address 2-2-2, outer VLAN ID as 100, and inner VLAN ID as 200.
<HUAWEI> system-view
[~HUAWEI] arp static 1.1.1.2 2-2-2 vlan 100 cevlan 200 interface 10GE 3/0/1.1

arp topology-change disable

Function

The arp topology-change disable command disables the device from responding to topology change (TC) packets. With this configuration, the device does not age or delete Address Resolution Protocol (ARP) entries after receiving a TC packet.

The undo arp topology-change disable command enables the device to respond to TC packets.

By default, the device responds to TC packets.

Format

arp topology-change disable

undo arp topology-change disable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

By default, after a loop-prevention protocol detects a network topology change, it will send a protocol packet to instruct the device to age or delete ARP entries. Then the device will re-learn ARP entries.

However, if the network topology changes frequently or a device has a large number of ARP entries, re-learning of ARP entries causes ARP entry flooding, which consumes network resources and affects other services on the device. To resolve this problem, run the arp topology-change disable command to disable the device from responding to TC packets.

Precautions

After the arp topology-change disable command is run, the device will not age or delete ARP entries. Therefore, if an ARP entry does not contain the latest information about a peer device, services will be interrupted between the local and peer devices.

Example

# Disable the device from responding to TC packets.

<HUAWEI> system-view
[~HUAWEI] arp topology-change disable

arp timeout

Function

The arp timeout command sets the aging time of dynamic Address Resolution Protocol (ARP) entries.

The undo arp timeout command restores the default setting.

By default, the aging time of dynamic ARP entries is 1200 seconds, namely, 20 minutes.

Format

arp timeout expire-time

undo arp timeout

Parameters

Parameter Description Value
expire-time Specifies the aging time of dynamic ARP entries. The value is an integer ranging from 60 to 86400, in seconds. The default value is 1200 seconds, that is, 20 minutes.

Views

System view, Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To ensure communication reliability, you need to update ARP entries when they become invalid. A dynamic ARP entry has a life cycle, called the aging time. If a dynamic ARP entry is not updated before its life cycle ends, it is deleted from the ARP table. If the entry is updated before its life cycle expires, the aging time of the entry is recalculated. You can run the arp timeout command to adjust the aging time of ARP entries so that they are updated in time.

Configuration Impact

  • If the aging time set for a dynamic ARP entry is short, refreshing the ARP entry consumes a large amount of system resources, which adversely affects other services and can cause network flapping and even affect traffic forwarding.

  • If the aging time set for a dynamic ARP entry is long, the ARP entry will not be promptly updated when it becomes invalid. For example, if a device fails or a network card is changed but the invalid ARP entry has not been updated yet, the device sends packets to the peer device based on the existing ARP entry. As a result, the service will be interrupted.

Precautions

After this command is run, the aging time of dynamic ARP entries is changed on an interface.

Example

# Set the aging time of dynamic ARP entries on 10GE 1/0/1 to 600 seconds.
<HUAWEI> system-view
[~HUAWEI] interface 10ge 1/0/1
[~HUAWEI-10GE1/0/1] undo portswitch
[*HUAWEI-10GE1/0/1] arp timeout 600

dhcp snooping arp security enable

Function

The dhcp snooping arp security enable command enables the device to forward Address Resolution Protocol (ARP) request packets based on the DHCP snooping binding table.

The undo dhcp snooping arp security enable command disables this function.

By default, this function is disabled.

NOTE:
CE6880EI does not support the command.

Format

dhcp snooping arp security enable

undo dhcp snooping arp security enable

Parameters

None

Views

VLAN view or VLAN-Range view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If you want your device to use the DHCP snooping binding table to determine how to process an ARP packet, run the dhcp snooping arp security enable command. After this command is run, the device checks whether the destination IP address in a received ARP request packet matches an entry in the DHCP snooping binding table. If a matching entry exists, the device forwards the packet. If no matching entry exists, the device sends the packet to a trusted interface.

NOTE:
After DHCP snooping is enabled, an interface can be configured as a trusted or untrusted interface. Generally, the interfaces connected to legitimate DHCP servers are configured as trusted, and all other interfaces are configured as untrusted. By default, all interfaces are untrusted interfaces. For details about DHCP snooping, see the chapter "DHCP Snooping" in the CloudEngine 8800, 7800, 6800, and 5800 Series Feature Description - Security.

Configuration Impact

After the dhcp snooping arp security enable command is run, the device sends all ARP request packets to the CPU to perform soft forwarding. As a result, the processing speed on ARP packets will be reduced.

Prerequisites

DHCP snooping has been enabled globally by running the dhcp snooping enable command.

Precautions

The ARP security associated with DHCP snooping enables the device to forward ARP request packets based on the DHCP snooping binding table. MFF enables the device to perform Layer-2 ARP proxy after the device receives ARP request packets. The ARP security associated with DHCP snooping is mutually exclusive with MFF, so they cannot be enabled in the same VLAN.

Example

# Enable the device to forward ARP request packets based on the DHCP snooping binding table in the VLAN view.

<HUAWEI> system-view
[~HUAWEI] vlan 20
[*HUAWEI-vlan20] dhcp snooping arp security enable

display arp

Function

The display arp command displays Address Resolution Protocol (ARP) entries learned by a device.

Format

display arp [ network network-address [ network-mask | mask-length ] ] [ dynamic | static ]

Parameters

Parameter Description Value
network network-address Displays ARP entries that contain a specified network address. -
network-mask Specifies a network mask. The value is in dotted decimal notation.
mask-length Specifies a network mask length. The value is an integer ranging from 1 to 32.
dynamic Displays dynamic ARP entries. -
static Displays static ARP entries. -

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

To check ARP entries learned by a device or locate ARP faults, run the display arp command.

Example

# Display ARP entries learned by all interfaces of a device (for CE6810LI).
<HUAWEI> display arp
ARP Entry Types: D - Dynamic, S - Static, I - Interface, O - OpenFlow
EXP: Expire-time
IP ADDRESS      MAC ADDRESS    EXP(M) TYPE/VLAN INTERFACE       VPN-INSTANCE
------------------------------------------------------------------------------
100.53.219.218  0024-0671-0810        I         MEth0/0/0        
100.53.1.1      d849-0b94-27ee   20   D         MEth0/0/0        
100.53.157.22   688f-8400-d237    8   D         MEth0/0/0               
------------------------------------------------------------------------------
Total:3          Dynamic:2        Static:0    Interface:1    OpenFlow:0 

# Display ARP entries learned by all interfaces of a device (for non-CE6810LI).

<HUAWEI> display arp
ARP Entry Types: D - Dynamic, S - Static, I - Interface, O - OpenFlow 
EXP: Expire-time VLAN:VLAN or Bridge Domain
IP ADDRESS      MAC ADDRESS     EXP(M)    TYPE/VLAN   INTERFACE   VPN-INSTANCE
------------------------------------------------------------------------------
5.1.1.10        0001-0001-0001            S
10.1.1.11       0001-0001-0001            S/10        10GE1/0/1  
5.1.1.3         3884-d021-0300            I           10GE1/0/1       
5.1.1.1         3884-d011-0300    18      D           10GE1/0/1       
10.1.1.2        38ba-71ca-ef03            I           Vlanif10         
10.1.1.1        38ba-71d2-3802    20      D/10        10GE1/0/1  
1.1.1.2         0001-0203-0405            O           Vbdif11.
1.1.1.3         0001-0203-0405            O           Vbdif11.
1.1.1.5         0001-0001-0005           S/BD2        10GE1/0/1.2  
1.1.1.6         0001-0001-0006    20     D/BD2        2.2.2.2    
------------------------------------------------------------------------------
Total:8         Dynamic:2       Static:2    Interface:2    OpenFlow:2
Table 8-5  Description of the display arp command output

Item

Description

ARP Entry Types

ARP entry type:
  • I: Interface, indicating an interface's ARP entry

  • D: Dynamic, indicating dynamic entries obtained using ARP messages

  • S: Static, indicating static ARP entries configured

  • O: OpenFlow, indicating an ARP entry delivered from the controller to a forwarder

IP ADDRESS

IP address in an ARP entry

MAC ADDRESS

MAC address in an ARP entry

EXP(M)

Remaining lifetime of an ARP entry, in minutes

TYPE/VLAN

Type and VLAN ID of an ARP entry. The ARP entry type can be:
  • I: Interface, indicating an interface's ARP entry

  • D: Dynamic, indicating dynamic entries obtained using ARP messages

  • S: Static, indicating static ARP entries configured

  • O: OpenFlow, indicating an ARP entry delivered from the controller to a forwarder

INTERFACE

Type and number of the interface that has learned ARP entries

VPN-INSTANCE

VPN instance name of an ARP entry

Total

Number of ARP entries in the ARP table

Dynamic

Number of dynamic ARP entries in the ARP table

Static

Number of static ARP entries in the ARP table

Interface

Number of ARP entries for the local interface in the ARP table

OpenFlow

Number of ARP entries delivered from the controller to a forwarder
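The display arp output is regular enough to audit automatically. The following Python example is added here and is not Huawei tooling: it parses a captured table in the layout shown above for non-CE6810LI devices, cross-checks the rows against the summary line, and compares the entries with an expected IP-to-MAC inventory. The SAMPLE capture and the EXPECTED inventory are constructed.

```python
import re
from collections import defaultdict

ROW = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4})\s+"
    r"(?:(?P<exp>\d+)\s+)?"                 # EXP(M) is blank for S, I and O entries
    r"(?P<type>[DSIO])(?:/(?P<vlan>\S+))?"  # TYPE, optionally followed by /VLAN or /BDn
    r"(?:\s+(?P<interface>\S+))?"
    r"(?:\s+(?P<vpn>\S+))?$"
)
SUMMARY = re.compile(
    r"Total:(?P<total>\d+)\s+Dynamic:(?P<D>\d+)\s+Static:(?P<S>\d+)"
    r"\s+Interface:(?P<I>\d+)\s+OpenFlow:(?P<O>\d+)"
)

# Constructed capture that follows the column layout of the display arp example.
SAMPLE = """\
ARP Entry Types: D - Dynamic, S - Static, I - Interface, O - OpenFlow
EXP: Expire-time VLAN:VLAN or Bridge Domain
IP ADDRESS      MAC ADDRESS     EXP(M)    TYPE/VLAN   INTERFACE   VPN-INSTANCE
------------------------------------------------------------------------------
10.1.1.2        38ba-71ca-ef03            I           Vlanif10
10.1.1.1        38ba-71d2-3802    20      D/10        10GE1/0/1
10.1.1.20       0001-0001-0001            S/10        10GE1/0/1
10.1.1.30       0005-0005-0005    18      D/10        10GE1/0/2
10.1.1.31       0005-0005-0005    19      D/10        10GE1/0/2
------------------------------------------------------------------------------
Total:5         Dynamic:3       Static:1    Interface:1    OpenFlow:0
"""

# Constructed inventory of bindings the operator expects to be pinned.
EXPECTED = {
    "10.1.1.1": "38ba-71d2-3899",
    "10.1.1.20": "0001-0001-0001",
    "10.1.1.30": "0005-0005-0005",
}


def parse_display_arp(text):
    """Return (entries, summary); summary is None if the capture lacks the Total line."""
    entries, summary = [], None
    for line in text.splitlines():
        row = ROW.match(line.strip())
        if row:
            entry = row.groupdict()
            entry["mac"] = entry["mac"].lower()
            entry["exp"] = int(entry["exp"]) if entry["exp"] else None
            entries.append(entry)
            continue
        totals = SUMMARY.search(line)
        if totals:
            summary = {key: int(value) for key, value in totals.groupdict().items()}
    return entries, summary


def summary_mismatches(entries, summary):
    """Map each counter to (reported, parsed) where they differ, e.g. a truncated capture."""
    if summary is None:
        return {"total": (None, len(entries))}
    parsed = {"total": len(entries)}
    for code in "DSIO":
        parsed[code] = sum(1 for entry in entries if entry["type"] == code)
    return {key: (summary[key], parsed[key]) for key in parsed if summary[key] != parsed[key]}


def audit(entries, expected):
    """Return (kind, subject, detail) findings for entries that deserve a review."""
    findings = []
    dynamic_by_mac = defaultdict(list)
    for entry in entries:
        want = expected.get(entry["ip"])
        if want and entry["mac"] != want.lower():
            detail = f"expected {want.lower()}, table has {entry['mac']}"
            findings.append(("mac-mismatch", entry["ip"], detail))
        elif want and entry["type"] != "S":
            # The binding is right but still dynamically learned, so it can be relearned.
            findings.append(("not-static", entry["ip"], f"type is {entry['type']}"))
        if entry["type"] == "D":
            dynamic_by_mac[entry["mac"]].append(entry["ip"])
    for mac, ips in sorted(dynamic_by_mac.items()):
        if len(ips) > 1:
            findings.append(("shared-mac", mac, ", ".join(ips)))
    return findings


if __name__ == "__main__":
    rows, totals = parse_display_arp(SAMPLE)
    print(summary_mismatches(rows, totals))
    for finding in audit(rows, EXPECTED):
        print(*finding)
```

A shared-mac finding is a prompt for review rather than a verdict, because one host can legitimately answer for several IP addresses.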

display arp fast-reply statistics

Function

The display arp fast-reply statistics command displays statistics on fast ARP Reply packets.

Format

display arp fast-reply statistics [ interface interface-type interface-number | ip ip-address [ vpn-instance vpn-instance-name ] ]

Parameters

Parameter Description Value
interface interface-type interface-number Displays statistics on fast ARP Reply packets on a specified interface.
  • interface-type specifies the interface type.
  • interface-number specifies the interface number.
-
ip ip-address Displays statistics on fast ARP Reply packets of a specified IP address. The value is in dotted decimal notation.
vpn-instance vpn-instance-name Displays statistics on fast ARP Reply packets of a specified VPN instance. The value must be an existing VPN instance.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run this command to check statistics on fast ARP Reply packets after the fast ARP reply function is enabled on the device.

Example

# Display statistics on fast ARP Reply packets on all interfaces.

<HUAWEI> display arp fast-reply statistics
Status : Enable

Slot                      Received request          Sent reply
-----------------------------------------------------------------------------
1                         67                        58
-----------------------------------------------------------------------------

# Display statistics on fast ARP Reply packets on 10GE 1/0/1.

<HUAWEI> display arp fast-reply statistics interface 10ge 1/0/1
Status : Enable

Interface                 Received request          Sent reply
-----------------------------------------------------------------------------
10ge 1/0/1                0                         0

# Display statistics on fast ARP Reply packets with the specified IP address.

<HUAWEI> display arp fast-reply statistics ip 10.1.1.1 
Status : Enable

IP                        Received request          Sent reply
-----------------------------------------------------------------------------
10.1.1.1                  0                         0
Table 8-6  Description of the display arp fast-reply statistics command output

Item

Description

Status

Status of the fast ARP reply function:
  • Enable: The fast ARP reply function is enabled.
  • Disable: The fast ARP reply function is disabled.

Slot

Stack ID.

Received request

Number of received ARP Request packets.

Sent reply

Number of sent ARP Reply packets during fast ARP reply.

Interface

Interface type and number.

IP

IP address.

display arp forwarding-status

Function

The display arp forwarding-status command displays whether ARP entries learned by an interface are delivered and ARP entry statistics.

NOTE:

The CE6880EI does not support this command.

Format

display arp forwarding-status [ vpn-instance vpn-instance-name | all-vpn-instance ] [ interface interface-type interface-number ]

Parameters

Parameter Description Value
interface interface-type interface-number Specifies an interface.
  • interface-type specifies the interface type.
  • interface-number specifies the interface number.
-
vpn-instance vpn-instance-name Specifies a VPN instance. The vpn-instance-name specifies the name of the VPN instance. The value is a string of 1 to 31 case-sensitive characters except spaces. When double quotation marks are used to include the string, spaces are allowed in the string. The value _public_ is reserved and cannot be used as the VPN instance name.
all-vpn-instance Indicates all the instances. -

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

After an interface learns an ARP entry, the device delivers the ARP entry to the chip to direct packet forwarding. If the learned ARP entry fails to direct packet forwarding, you can run the display arp forwarding-status command to check whether the ARP entry is delivered and view ARP entry statistics. This command facilitates fault location and improves network maintainability.

Example

# Display whether ARP entries learned by all interfaces are delivered and ARP entry statistics.

<HUAWEI> display arp forwarding-status
----------------------------------------------------------------------------------------
ARP Table : _public_

    Total number: 66  Success number: 66  Fail number: 0

IP Address      MAC Address    Interface              Gateway                State
10.1.1.2        0000-1020-2010 10GE2/0/0              10GE2/0/0              Available
Table 8-7  Description of the display arp forwarding-status command output

Item

Description

ARP Table : _public_

The ARP table is a public ARP table. If the ARP table is a private ARP table, a private network name is displayed, for example, ARP Table: ABC.

Total number

Total number of ARP entries.

Success number

Number of ARP entries that are successfully delivered.

Fail number

Number of ARP entries that fail to be delivered.

IP Address

Destination IP address.

MAC Address

Destination MAC address.

Interface

Outbound interface information.
  • If the outbound interface is on a VXLAN tunnel, the destination IP address of the tunnel is displayed.
  • If the outbound interface is in an NLB scenario, this field displays Mutiport.
  • If the outbound interface is on a TRILL tunnel, this field displays Trill Tunnel.
  • In other conditions, this field displays the outbound interface.

Gateway

VBDIF interface.

State

ARP entry delivery state.
  • Available: ARP entry delivery is normal.
  • UnAvailable: ARP entry delivery is abnormal.

display arp interface

Function

The display arp interface command displays Address Resolution Protocol (ARP) entries for an interface.

Format

display arp interface interface-type interface-number

Parameters

Parameter Description Value
interface-type interface-number Specifies the type and number of an interface. -

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

To check ARP entries learned by an interface or locate ARP faults on an interface, run the display arp interface command.

Example

# Display ARP entries on 10GE 1/0/1.
<HUAWEI> display arp interface 10ge1/0/1
ARP Entry Types: D - Dynamic, S - Static, I - Interface, O - OpenFlow
EXP: Expire-time 

IP ADDRESS      MAC ADDRESS     EXP(M)    TYPE/VLAN   INTERFACE   VPN-INSTANCE
------------------------------------------------------------------------------
10.1.1.11       0001-0001-0001            I           10GE1/0/1  
10.1.1.1        38ba-71d2-3802    20      D/10        10GE1/0/1  
------------------------------------------------------------------------------
Total:2         Dynamic:1       Static:0    Interface:1    OpenFlow:0
# Display ARP entries learned by an interface named vbdif 100.
<HUAWEI> display arp interface vbdif 100
ARP Entry Types: D - Dynamic, S - Static, I - Interface, O - OpenFlow
EXP: Expire-time  src: source ip   dst: destination ip

IP ADDRESS      MAC ADDRESS    EXP(M) TYPE/VLAN/CEVLAN INTERFACE
------------------------------------------------------------------------------
10.1.1.1        38ba-228b-5902        I                Vbdif100        
10.1.1.2        0001-0001-0001        S                VNI10(src:1.1.1.1 dst:2.2.2.2)  
1.1.1.5         0001-0001-0005        S/10/100         10GE3/0/1.1       
------------------------------------------------------------------------------
Total:3         Dynamic:0       Static:2    Interface:1    OpenFlow:0
Table 8-8  Description of the display arp interface command output

Item

Description

ARP Entry Types

ARP entry type:
  • I: Interface, indicating an interface's ARP entry.

  • D: Dynamic, indicating dynamic entries obtained using ARP messages.

  • S: Static, indicating static ARP entries configured.

  • O: OpenFlow, indicating an ARP entry delivered from the controller to a forwarder.

IP ADDRESS

IP address in an ARP entry.

MAC ADDRESS

MAC address in an ARP entry.

EXP(M)

Remaining lifetime of an ARP entry, in minutes.

TYPE/VLAN

Type and VLAN ID of an ARP entry. The ARP entry type can be:
  • I: Interface, indicating an interface's ARP entry.

  • D: Dynamic, indicating dynamic entries obtained using ARP messages.

  • S: Static, indicating static ARP entries configured.

  • O: OpenFlow, indicating an ARP entry delivered from the controller to a forwarder.

INTERFACE

An interface that has learned ARP entries.
  • Vni: network-side identifier.

  • src: source IP address.

  • dst: destination IP address.

VPN-INSTANCE

VPN instance name of an ARP entry.

Total

Number of ARP entries in the ARP table.

Dynamic

Number of dynamic ARP entries in the ARP table.

Static

Number of static ARP entries in the ARP table.

Interface

Number of ARP entries for the local interface in the ARP table.

OpenFlow

Number of ARP entries delivered from the controller to a forwarder.

display arp l2-proxy

Function

The display arp l2-proxy command displays Layer 2 proxy Address Resolution Protocol (ARP) entries.

NOTE:
CE6880EI does not support the command.

Format

display arp l2-proxy vlan vlan-id [ ip ip-address | conflict user ]

Parameters

Parameter Description Value
vlan vlan-id Displays Layer 2 proxy ARP entries in a specified VLAN. The value is an integer ranging from 1 to 4094.
ip ip-address Displays Layer 2 proxy ARP entries containing a specified IP address. The value is in dotted decimal notation.
conflict user Displays conflicted Layer 2 proxy ARP entries. -

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

To check Layer 2 proxy ARP entries or locate Layer 2 proxy ARP conflicts, run the display arp l2-proxy command.

Example

# Display Layer 2 proxy ARP entries in VLAN 10.

<HUAWEI> display arp l2-proxy vlan 10
Flags: S - static, D - dynamic, C - conflict      
------------------------------------------------------------------------
Max user        : 2000
Expire time     : 900 (seconds)
User learning   : enable
Total user count: 4

------------------------------------------------------------------------
IP Address      MAC Address     Interface             Aging(M)     Flags 
------------------------------------------------------------------------
5.1.1.5         0005-0005-0005  10GE1/0/1            -            S 
------------------------------------------------------------------------
Table 8-9  Description of the display arp l2-proxy command output

Item

Description

Flags

Type of a Layer 2 proxy ARP entry
  • S: Static, indicating a Layer 2 proxy ARP entry generated using DHCP snooping

  • D: Dynamic, indicating a Layer 2 proxy ARP entry generated using ARP snooping

  • C: Conflict, indicating a conflicted Layer 2 proxy ARP entry

Max user

Maximum number of ARP snooping binding entries

Expire time

Aging time of ARP snooping binding entries

User learning

Status of the Layer 2 proxy ARP function

Total user count

Total number of Layer 2 proxy ARP entries

IP Address

IP address in a Layer 2 proxy ARP entry

MAC Address

MAC address in a Layer 2 proxy ARP entry

Interface

Interface that has learned Layer 2 proxy ARP entries

Aging(M)

Remaining lifetime of Layer 2 proxy ARP entries

This field displays a hyphen (-) for Layer 2 proxy ARP entries with Flags being S.

display arp packet statistics

Function

The display arp packet statistics command displays the statistics on ARP packets.

Format

display arp packet statistics [ interface [ interface-type interface-number ] ]

Parameters

Parameter Description Value
interface Displays the statistics about ARP packets sent and received by the Layer 3 interfaces. If the interface parameter is not specified, the statistics on all ARP packets are displayed. -
interface-type interface-number Specifies the type and number of an interface. If the interface-type interface-number parameters are not specified, the statistics on ARP packets sent and received by all Layer 3 interfaces are displayed.
  • interface-type specifies the interface type.
  • interface-number specifies the interface number.
-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

To locate and rectify ARP faults, you can run this command to view the statistics on ARP packets.

Example

# Display the statistics on ARP packets.

<HUAWEI> display arp packet statistics
ARP Packets Received
  Total:                       10989
  Learnt Count:                    0
  Discard For Entry Limit:         0
  Discard For Speed Limit:         0
  Discard For Proxy Suppress:      0
  Discard For Other:           10989
  MAC Invalid Count:            0
ARP Packets Sent 
  Total:                           0
  Request:                         0
  Reply:                           0
  Gratuitous ARP:                  0
ARP-Miss Message Received  
  Total:                           0
  Discard For Speed Limit:         0
  Discard For Other:               0
Table 8-10  Description of the display arp packet statistics command output

Item

Description

ARP Packets Received Total

Number of received ARP packets

ARP Packets Received Learnt Count

Number of learned ARP entries

ARP Packets Received Discard For Entry Limit

Number of packets discarded for the ARP limit

ARP Packets Received Discard For Speed Limit

Number of packets discarded for the speed limit

ARP Packets Received Discard For Proxy Suppress

Number of ARP packets discarded for the proxy suppression

ARP Packets Received Discard For Other

Number of packets discarded for other reasons

ARP Packets Received MAC Invalid Count

Number of packets that undergo MAC address inconsistency

ARP Packets Sent Total

Number of sent ARP packets

ARP Packets Sent Request

Number of sent ARP request packets

ARP Packets Sent Reply

Number of sent ARP reply packets

ARP Packets Sent Gratuitous ARP

Number of sent gratuitous ARP packets

ARP-Miss Message Received Total

Number of received ARP Miss messages

ARP-Miss Message Received Discard For Speed Limit

Number of ARP Miss messages discarded for speed limit

ARP-Miss Message Received Discard For Other

Number of ARP Miss messages discarded for other reasons

# Display the interfaces that send and receive ARP packets and the statistics about the ARP packets.
<HUAWEI> display arp packet statistics interface
Interface            R-request   R-reply  R-gratis  S-request   S-reply S-gratis
--------------------------------------------------------------------------------
10GE1/0/1                    5         0         3          0          0       0
Vlanif2                    100         0       100          0          5       5
Eth-Trunk2                 400       200       400         400       200     100
Table 8-11  Description of the display arp packet statistics interface command output

Item

Description

Interface

Interfaces that send and receive ARP packets

R-request

Number of ARP request packets received by an interface

R-reply

Number of ARP reply packets received by an interface

R-free

Number of gratuitous ARP packets received by an interface

S-request

Number of ARP request packets sent by an interface

S-reply

Number of ARP reply packets sent by an interface

S-free

Number of gratuitous ARP packets sent by an interface
# Display detailed statistics about ARP messages sent and received by a device.
<HUAWEI> display arp packet statistics interface 10ge 1/0/1
ARP Packets Received                                                            
  Request:                              22                                       
  Reply:                                0                                       
  Gratuitous ARP:                       6                                       
ARP Packets Sent                                                                
  Request:                              3                                       
  Reply:                                0                                       
  Gratuitous ARP:                       3                                       
ARP-Miss Message Received                                                       
  Total:                                0                                       
  Discard For Invalid Table:            0                                       
  Discard For Speed Limit:              0                                       
  Discard For Other:                    0
Table 8-12  Description of the display arp packet statistics interface 10ge 1/0/1 command output

Item

Description

ARP Packets Received

Number of ARP packets received
  • Request: number of ARP request packets
  • Reply: number of ARP reply packets
  • Gratuitous ARP: number of gratuitous ARP packets

ARP Packets Sent

Number of ARP packets sent
  • Request: number of ARP request packets
  • Reply: number of ARP reply packets
  • Gratuitous ARP: number of gratuitous ARP packets

ARP-Miss Message Received

Number of ARP Miss messages received
  • Total: total number of ARP Miss messages
  • Discard For Invalid Table: number of ARP Miss messages discarded due to invalid static ARP entries
  • Discard For Speed Limit: number of ARP Miss messages discarded due to rate limiting
  • Discard For Other: number of ARP Miss messages discarded due to other causes
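
The counters described in Tables 8-10 and 8-12 can be checked automatically when locating ARP faults. The following Python code is an added example, not part of the vendor documentation: it parses the text output of display arp packet statistics (global or single-interface form) and reports the counters that show rate limiting, entry-limit drops, or MAC inconsistency. The function names, finding labels, and the 50% discard threshold are assumptions of this example, and FLOOD_SAMPLE is constructed.

```python
import re

# Output copied from the page's first example, prompt line included.
PAGE_SAMPLE = """\
<HUAWEI> display arp packet statistics
ARP Packets Received
  Total:                       10989
  Learnt Count:                    0
  Discard For Entry Limit:         0
  Discard For Speed Limit:         0
  Discard For Proxy Suppress:      0
  Discard For Other:           10989
  MAC Invalid Count:            0
ARP Packets Sent
  Total:                           0
  Request:                         0
  Reply:                           0
  Gratuitous ARP:                  0
ARP-Miss Message Received
  Total:                           0
  Discard For Speed Limit:         0
  Discard For Other:               0
"""

# Constructed sample: counter values invented to exercise every check.
FLOOD_SAMPLE = """\
ARP Packets Received
  Total:                       50000
  Learnt Count:                  120
  Discard For Entry Limit:        40
  Discard For Speed Limit:     31000
  Discard For Proxy Suppress:      0
  Discard For Other:              10
  MAC Invalid Count:               7
ARP-Miss Message Received
  Total:                        9000
  Discard For Speed Limit:      4500
  Discard For Other:               0
"""

# Indented "name: value" counter line.
_COUNTER = re.compile(r"^\s+(?P<name>[^:]+):\s*(?P<value>\d+)\s*$")

# (section, counter, finding label); labels are this example's own names.
_RULES = [
    ("ARP Packets Received", "Discard For Speed Limit", "arp-rate-limit"),
    ("ARP Packets Received", "Discard For Entry Limit", "arp-entry-limit"),
    ("ARP Packets Received", "MAC Invalid Count", "mac-inconsistent"),
    ("ARP-Miss Message Received", "Discard For Speed Limit", "arp-miss-rate-limit"),
]


def parse_arp_packet_statistics(text):
    """Return {section: {counter: int}} from the command's text output."""
    stats, section = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("<"):
            continue  # blank line or the CLI prompt line
        match = _COUNTER.match(line)
        if match and section is not None:
            stats[section][match["name"].strip()] = int(match["value"])
        elif not line[0].isspace():
            section = line.strip()  # an unindented line starts a new section
            stats[section] = {}
    return stats


def assess(stats, discard_ratio=0.5):
    """Return (label, detail) findings for counters that deserve a look."""
    findings = []
    for section, counter, label in _RULES:
        value = stats.get(section, {}).get(counter, 0)
        if value:
            findings.append((label, f"{section} / {counter} = {value}"))
    rx = stats.get("ARP Packets Received", {})
    total = rx.get("Total", 0)  # absent in the single-interface output
    dropped = sum(v for k, v in rx.items() if k.startswith("Discard For"))
    if total and dropped / total >= discard_ratio:
        findings.append(("high-discard-ratio",
                         f"{dropped}/{total} received ARP packets discarded"))
    return findings


if __name__ == "__main__":
    for name, sample in (("page", PAGE_SAMPLE), ("flood", FLOOD_SAMPLE)):
        for label, detail in assess(parse_arp_packet_statistics(sample)):
            print(f"[{name}] {label}: {detail}")
```
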

display arp statistics

Function

The display arp statistics command displays Address Resolution Protocol (ARP) entry statistics.

Format

display arp statistics [ interface { interface-type interface-number | interface-name } ]

Parameters

Parameter Description Value
interface interface-type interface-number Displays statistics about ARP entries on a specified interface. -

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

To check ARP entry statistics or locate ARP faults, run the display arp statistics command.

Precautions

For centralized devices and the distributed devices that are not equipped with an LPU, ARP statistics cannot be viewed based on the slot ID where the LPU resides. Instead, ARP statistics can be viewed by device or interface.

To view the number of ARP entries learned by various types of interfaces, and the number of remaining resources, run the

Example

# Display ARP entry statistics on 10GE 1/0/1.
<HUAWEI> display arp statistics interface 10GE 1/0/1
Dynamic: 0  (Resolved: 0  Incomplete: 0)  Static: 0  OpenFlow: 0
Table 8-13  Description of the display arp statistics command output

Item

Description

Dynamic

Number of dynamic ARP entries:
  • Resolved: number of normal ARP entries.
  • Incomplete: number of fake ARP entries.

Static

Number of static ARP entries.

OpenFlow

Number of ARP entries delivered from the controller to a forwarder.

display arp track

Function

The display arp track command traces the Address Resolution Protocol (ARP) entries learned by VLANIF interfaces and displays detailed information about the change of outbound interfaces.

Format

display arp track

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

When the outbound interface information in an ARP entry learned by a VLANIF interface changes, traffic is interrupted frequently and randomly. To quickly locate the fault, run the display arp track command to check records about the change of outbound interface information and check the time of change.

Prerequisites

ARP entries learned by VLANIF interfaces exist, and the outbound interfaces in these entries change.

Precautions

After the display arp track command is run, information about the change of ARP entries due to the following reasons will be displayed:
  • The outbound interface information in a dynamic ARP entry that has been learned by a VLANIF interface changes.

  • The outbound interface information in a short static ARP entry changes.

  • A dynamic ARP entry or a short static ARP entry is deleted.

Example

# Display the change of ARP entries.

<HUAWEI> display arp track
Operate Flags: M - Modify, D - Delete 
---------------------------------------------------------------------------
Op IP-Address  MAC-Address     VLAN   Old-Port   New-Port   System-Time
---------------------------------------------------------------------------
M  10.1.1.1    0001-0001-0001  1000   10GE1/0/1  10GE1/0/2  08-19 12:10:12
D  10.1.1.100  0003-0003-0003  300    10GE1/0/3             08-19 12:12:12
Table 8-14  Description of the display arp track command output

Item

Description

Op

Operation identifier, which can be:
  • M: Modify, indicating that the outbound interface information changes.

  • D: Deletion, indicating that the ARP entry is deleted.

IP-Address

IP address in an ARP entry

MAC-Address

MAC address in an ARP entry

VLAN

ID of the VLAN to which the VLANIF interface belongs

Old-Port

Previous outbound interface in an ARP entry

New-Port

New outbound interface in an ARP entry

System-Time

System time when the outbound interface information changes
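
The records shown by display arp track can be scanned for ARP entries whose outbound interface keeps changing, which is the symptom the usage scenario describes. The following Python code is an added example, not part of the vendor documentation: it parses the table, including Delete rows whose New-Port column is empty, and reports entries that move at least three times within five minutes. The function names and both thresholds are assumptions of this example; in TRACK_SAMPLE only the first and fourth data rows come from the page, the rest are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# First and fourth data rows are from the page's example; the others are constructed.
TRACK_SAMPLE = """\
<HUAWEI> display arp track
Operate Flags: M - Modify, D - Delete
---------------------------------------------------------------------------
Op IP-Address  MAC-Address     VLAN   Old-Port   New-Port   System-Time
---------------------------------------------------------------------------
M  10.1.1.1    0001-0001-0001  1000   10GE1/0/1  10GE1/0/2  08-19 12:10:12
M  10.1.1.1    0001-0001-0001  1000   10GE1/0/2  10GE1/0/1  08-19 12:10:40
M  10.1.1.1    0001-0001-0001  1000   10GE1/0/1  10GE1/0/2  08-19 12:11:05
D  10.1.1.100  0003-0003-0003  300    10GE1/0/3             08-19 12:12:12
M  10.1.1.7    0005-0005-0005  1000   10GE1/0/4  10GE1/0/5  08-19 12:30:00
"""

# New-Port is optional: Delete rows leave that column blank, so a plain
# whitespace split would shift the timestamp into the wrong field.
_ROW = re.compile(
    r"^(?P<op>[MD])\s+(?P<ip>\d+\.\d+\.\d+\.\d+)"
    r"\s+(?P<mac>[0-9a-fA-F]{4}(?:-[0-9a-fA-F]{4}){2})"
    r"\s+(?P<vlan>\d+)\s+(?P<old>\S+)\s+(?:(?P<new>\S+)\s+)?"
    r"(?P<time>\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s*$"
)


def parse_arp_track(text):
    """Return one dict per data row; header, rule and prompt lines are skipped."""
    records = []
    for line in text.splitlines():
        match = _ROW.match(line)
        if not match:
            continue
        rec = match.groupdict()
        rec["vlan"] = int(rec["vlan"])
        # System-Time has no year. A fixed leap year (an assumption of this
        # example) keeps 02-29 parseable; records spanning New Year are not handled.
        rec["time"] = datetime.strptime("2000-" + rec["time"], "%Y-%m-%d %H:%M:%S")
        records.append(rec)
    return records


def find_flapping(records, window=timedelta(minutes=5), min_moves=3):
    """Report (IP, VLAN) entries modified min_moves times within window."""
    moves = defaultdict(list)
    for rec in records:
        if rec["op"] == "M":
            moves[(rec["ip"], rec["vlan"])].append(rec)

    findings = []
    for (ip, vlan), recs in sorted(moves.items()):
        recs.sort(key=lambda r: r["time"])
        start = 0
        for end in range(len(recs)):
            # Shrink the window from the left until it spans at most `window`.
            while recs[end]["time"] - recs[start]["time"] > window:
                start += 1
            if end - start + 1 >= min_moves:
                burst = recs[start:end + 1]
                ports = {p for r in burst for p in (r["old"], r["new"]) if p}
                findings.append({
                    "ip": ip,
                    "vlan": vlan,
                    "moves": len(burst),
                    "ports": sorted(ports),
                    "macs": sorted({r["mac"] for r in burst}),
                })
                break  # one finding per entry is enough
    return findings


if __name__ == "__main__":
    for hit in find_flapping(parse_arp_track(TRACK_SAMPLE)):
        print(f"{hit['ip']} (VLAN {hit['vlan']}): {hit['moves']} moves "
              f"between {', '.join(hit['ports'])}")
```
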

display arp vlan

Function

The display arp vlan command displays the Address Resolution Protocol (ARP) entries of a VLAN.

Format

display arp vlan vlan-id interface interface-type interface-number

Parameters

Parameter Description Value
vlan-id Specifies a VLAN ID. The value is an integer ranging from 1 to 4094.
interface interface-type interface-number Specifies the type and number of an interface. -

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

To check ARP entries or locate ARP faults in a specified VLAN, run the display arp vlan command.

Example

# Display ARP entries on the member interface 10GE 1/0/1 of VLAN 1.

<HUAWEI> display arp vlan 1 interface 10ge 1/0/1
ARP Entry Types: D - Dynamic, S - Static, I - Interface, O - OpenFlow
EXP: Expire-time

IP ADDRESS      MAC ADDRESS     EXP(M)    TYPE/VLAN   INTERFACE   VPN-INSTANCE
------------------------------------------------------------------------------
10.1.1.1        38ba-71d2-3802    20      D/10        10GE1/0/1  
------------------------------------------------------------------------------
Total:1         Dynamic:1       Static:0    Interface:0    OpenFlow:0
Table 8-15  Description of the display arp vlan command output

Item

Description

ARP Entry Types

ARP entry type:
  • I: Interface, indicating an interface's ARP entry.

  • D: Dynamic, indicating dynamic entries obtained using ARP messages.

  • S: Static, indicating static ARP entries configured.

  • O: OpenFlow, indicating an ARP entry delivered from the controller to a forwarder.

IP ADDRESS

IP address in an ARP entry.

MAC ADDRESS

MAC address in the ARP entry.

EXP(M)

Remaining lifetime of an ARP entry, in minutes.

TYPE/VLAN

Type and VLAN ID of an ARP entry. The ARP entry type can be:
  • I: Interface, indicating an interface's ARP entry.

  • D: Dynamic, indicating dynamic entries obtained using ARP messages.

  • S: Static, indicating static ARP entries configured.

  • O: OpenFlow, indicating an ARP entry delivered from the controller to a forwarder.

INTERFACE

Type and number of an interface that has learned ARP entries.

VPN-INSTANCE

VPN instance name of an ARP entry.

Total

Number of ARP entries in the ARP table.

Dynamic

Number of dynamic ARP entries in the ARP table.

Static

Number of static ARP entries in the ARP table.

Interface

Number of ARP entries for the local interface in the ARP table.

OpenFlow

Number of ARP entries delivered from the controller to a forwarder.

display arp vpn-instance

Function

The display arp vpn-instance command displays the Address Resolution Protocol (ARP) entries of a VPN instance.

Format

display arp vpn-instance vpn-instance-name [ dynamic | static ]

Parameters

Parameter Description Value
vpn-instance-name Displays the ARP entries of a VPN instance. The value must be an existing VPN instance.
dynamic Displays dynamic ARP entries. -
static Displays static ARP entries. -

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

To check ARP entries or locate ARP faults of a specified VPN instance, run the display arp vpn-instance command.

Example

# Display all ARP entries of the VPN instance named r1.

<HUAWEI> display arp vpn-instance r1
ARP Entry Types: D - Dynamic, S - Static, I - Interface, O - OpenFlow
EXP: Expire-time

IP ADDRESS      MAC ADDRESS     EXP(M)    TYPE/VLAN   INTERFACE   VPN-INSTANCE
------------------------------------------------------------------------------
10.1.1.11       0001-0001-0001            I           10GE1/0/1   r1
10.1.1.1        38ba-71d2-3802    20      D/10        10GE1/0/1   r1
------------------------------------------------------------------------------
Total:2         Dynamic:1       Static:0    Interface:1    OpenFlow:0
Table 8-16  Description of the display arp vpn-instance command output

Item

Description

ARP Entry Types

ARP entry type:
  • I: Interface, indicating an ARP entry of an interface.

  • D: Dynamic, indicating a dynamic ARP entry obtained using ARP messages.

  • S: Static, indicating an ARP entry statically configured.

  • O: OpenFlow, indicating an ARP entry delivered from the controller to a forwarder.

IP ADDRESS

IP address in an ARP entry.

MAC ADDRESS

MAC address in an ARP entry.

EXP(M)

Remaining lifetime of an ARP entry, in minutes.

TYPE/VLAN

Type and VLAN ID of an ARP entry. The ARP entry can be:
  • I: Interface, indicating an ARP entry of an interface.

  • D: Dynamic, indicating a dynamic ARP entry obtained using ARP messages.

  • S: Static, indicating an ARP entry statically configured.

  • O: OpenFlow, indicating an ARP entry delivered from the controller to a forwarder.

INTERFACE

Type and number of an interface that has learned ARP entries.

If the field displays Multi-port:n, the interface has learned an ARP entry in which the MAC address is configured for n interfaces.

VPN-INSTANCE

VPN instance name of an ARP entry.

Total

Number of ARP entries in the ARP table.

Dynamic

Number of dynamic ARP entries in the ARP table.

Static

Number of static ARP entries in the ARP table.

Interface

Number of ARP entries for the local interface in the ARP table.

OpenFlow

Number of ARP entries delivered from the controller to a forwarder.

display snmp-agent trap feature-name arp all

Function

The display snmp-agent trap feature-name arp all command displays all trap messages of the ARP module.

Format

display snmp-agent trap feature-name arp all

Parameters

None

Views

All views

Default Level

3: Management level

Usage Guidelines

The Simple Network Management Protocol (SNMP) is a standard network management protocol widely used on TCP/IP networks. It uses a central computer (a network management station) that runs network management software to manage network elements. The management agent on the network element automatically reports traps to the network management station. Then, the network administrator immediately takes measures to resolve the problem.

After running the snmp-agent trap enable feature-name arp command to enable or disable a trap function of the ARP module, run the display snmp-agent trap feature-name arp all command to check the status of all trap functions of the ARP module.

Example

# Display all trap messages of the ARP module.

------------------------------------------------------------------------------                                                      
Feature name: ARP                                                                                                                   
Trap number : 10                                                                                                                    
------------------------------------------------------------------------------                                                      
Trap name                      Default switch status   Current switch status                                                        
hwArpMissVlanSpeedLimitALarm   off                     off                                                                          
hwArpVlanSpeedLimitALarm       off                     off                                                                          
hwArpsEntryCheck               off                     off                                                                          
hwArpsGatewayConflict          off                     off                                                                          
hwArpsLearnStrictCheck         on                      on                                                                          
hwArpsPacketCheck              off                     off                                                                          
hwEthernetARPIPConflictEvent   on                      on                                                                           
hwEthernetARPMACIPConflict     on                      on                                                                           
hwEthernetARPMACIPConflictResolved                                                                                                  
                               on                      on                                                                           
hwEthernetARPSpeedLimitAlarm   on                      on   
Table 8-17  Description of the display snmp-agent trap feature-name arp all command output

Item

Description

Feature name

Name of the module to which a trap message belongs.

Trap number

Number of trap messages.

Trap name

Name of a trap message of the ARP module:

  • hwArpMissVlanSpeedLimitALarm
  • hwArpVlanSpeedLimitALarm
  • hwArpsEntryCheck
  • hwArpsGatewayConflict
  • hwArpsLearnStrictCheck
  • hwArpsPacketCheck
  • hwEthernetARPIPConflictEvent
  • hwEthernetARPMACIPConflict
  • hwEthernetARPMACIPConflictResolved
  • hwEthernetARPSpeedLimitAlarm

Default switch status

Status of the default trap switch:
  • on: indicates that the trap function is enabled.
  • off: indicates that the trap function is disabled.

Current switch status

Status of the current trap switch:
  • on: indicates that the trap function is enabled.
  • off: indicates that the trap function is disabled.

ping arp ip

Function

The ping arp ip command configures a device on a LAN to send Address Resolution Protocol (ARP) messages to check whether an IP address is used by another device.

Format

ping arp ip ip-host [ interface interface-type interface-number [ vlan-id vlan-id ] ] [ timeout timeout ]

Parameters

Parameter Description Value
ip-host Specifies a destination IP address or host name. If the value is an IP address, it is in dotted decimal notation. If the value is a host name, it is a string of 1 to 255 case-sensitive characters, spaces not supported.
interface interface-type interface-number Specifies the type and number of the interface that sends ARP messages. -
vlan-id vlan-id Specifies the VLAN to which the interface that sends ARP messages belongs. The value is an integer ranging from 1 to 4094. If this parameter is not specified, the VLAN ID of 0 is used. When the specified outbound interface is a Layer 2 interface, you must configure vlan-id; when the specified outbound interface is a Layer 3 interface, you cannot configure vlan-id.
timeout timeout Specifies the timeout period of an ARP-ping test. This parameter is recommended when the local IP address is to be detected. The value is an integer ranging from 1 to 10, in seconds. The default value is 3s.

Views

All views

Default Level

0: Visit level

Usage Guidelines

Usage Scenario

To use ARP messages to check whether an IP address is used by another device on a LAN, run the ping arp ip command.

Alternatively, you can run the ping command to check whether an IP address is used by another device on the network. However, if the destination host and the switch have the firewall function enabled and are configured not to respond to ping packets, they do not respond after the ping command is run, and the initiator mistakenly concludes that the IP address is not in use. Because ARP is a Layer 2 protocol, ARP messages can in most cases pass through the firewall of a device that is configured not to respond to ping packets, so this problem does not occur with the ping arp ip command.

In addition, an ARP request message is smaller than an ICMP packet used in ping operations, and therefore running the ping arp ip command consumes fewer network resources. The ping arp ip command is recommended for IP address detection.

Prerequisites

ARP has been enabled, and ARP messages can be properly sent and received.

Configuration Impact

If you specify a local IP address or loopback address in the ping arp ip command, the probe will fail.

Precautions

The ping arp ip command cannot be used to detect a local IP address, whereas the ping command can.

Example

# Configure a device to send ARP messages to check whether an IP address is in use.

<HUAWEI> ping arp ip 10.1.1.1
ARP-Pinging 10.1.1.1:

10.1.1.1 is used by 00e0-fc91-8d70

ping arp mac

Function

The ping arp mac command configures a device on a LAN to send ICMP packets to check whether a MAC address is in use and displays the IP address corresponding to the MAC address.

Format

ping arp mac mac-address { ip-address [ vpn-instance vpn-instance-name ] | interface interface-type interface-number }

Parameters

Parameter Description Value
mac-address Specifies a destination MAC address. The value is a 12-digit hexadecimal number, in the format of H-H-H. Each H is 4 digits. If an H contains fewer than 4 digits, the left-most digits are padded with zeros. For example, e0 is displayed as 00e0. The MAC address cannot be a multicast or broadcast address or the virtual MAC address of the device.
ip-address Specifies an IPv4 address. The value is in dotted decimal notation.
vpn-instance vpn-instance-name Specifies the name of a VPN instance. The value is a string of 1 to 31 case-sensitive characters, spaces not supported. In addition, the VPN instance name must not be _public_. When double quotation marks are used around the string, spaces are allowed in the string.
interface interface-type interface-number Specifies the type and number of the interface that sends and receives ICMP packets. -

Views

All views

Default Level

0: Visit level

Usage Guidelines

Usage Scenario

When you know a MAC address on a network segment but do not know the corresponding IP address, run the ping arp mac command to configure a device to broadcast Layer 3 ICMP packets to obtain the IP address corresponding to the MAC address.

Prerequisites

ICMP has been enabled, and ICMP packets can be properly sent and received.

Precautions

The ping arp mac command cannot be used to detect a local MAC address.

Example

# Configure a device to send ICMP packets to check whether a MAC address is in use on the network segment 192.168.1.0.

<HUAWEI> ping arp mac 00e0-fca6-a45d 192.168.1.0
  LANIP: 192.168.1.0 MAC[00-E0-FC-A6-A4-5D], press CTRL_C to break

    ----- ARP-Ping MAC statistics -----
    1 packet(s) transmitted
    1 packet(s) received

    IP ADDRESS                MAC ADDRESS
    192.168.1.122             00-E0-FC-A6-A4-5D

# Configure an outbound interface to send ICMP packets to check whether a MAC address is in use.

<HUAWEI> ping arp mac 00e0-fca6-a45d interface gigabitethernet 1/0/0
  OutInterface: GigabitEthernet1/0/0 MAC[00-E0-FC-A6-A4-5D], press CTRL_C to break

    ----- ARP-Ping MAC statistics -----
    1 packet(s) transmitted
    1 packet(s) received

    IP ADDRESS                MAC ADDRESS
    192.168.1.122             00-E0-FC-A6-A4-5D
Table 8-18  Description of the ping arp mac command output
Item Description
LANIP IP address of the tested network segment
IP ADDRESS IP address corresponding to the MAC address specified in the test
MAC ADDRESS MAC address specified in the test

reset arp

Function

The reset arp command clears the Address Resolution Protocol (ARP) entries in an ARP table.

Format

reset arp { all | dynamic ip ip-address [ vpn-instance vpn-instance-name ] | interface interface-type interface-number [ ip ip-address ] | vpn-instance vpn-instance-name }

Parameters

Parameter Description Value
all Clears all ARP entries. -
dynamic Clears dynamic ARP entries. -
ip ip-address Clears dynamic ARP entries containing a specified IP address. It is in dotted decimal notation.
vpn-instance vpn-instance-name Clears dynamic ARP entries containing a specified IP address in a specified VPN. Because one IP address may be learned in different VPNs, the following situations are available:
  • If no VPN instance is specified, the dynamic ARP entries containing the specified IP address on the public network are cleared.
  • If a VPN instance is specified, only the dynamic ARP entries containing the specified IP address in the specified VPN instance are cleared.
The value is a string of 1 to 31 case-sensitive characters, spaces not supported. In addition, the VPN instance name must not be _public_. When double quotation marks are used around the string, spaces are allowed in the string.
interface interface-type interface-number Clears dynamic ARP entries learned on a specified interface. -
ip ip-address Clears dynamic ARP entries containing a specified IP address learned on a specified interface. This parameter can be configured if you only want to delete one of the several ARP entries learned on a specified interface. The value is in dotted decimal notation.
vpn-instance vpn-instance-name Clears ARP entries learned in a specified VPN instance. The value is a string of 1 to 31 case-sensitive characters, spaces not supported. In addition, the VPN instance name must not be _public_. When double quotation marks are used around the string, spaces are allowed in the string.

Views

User view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If an unauthorized user sends a large number of ARP messages to a device, the device learns a large number of ARP entries in a short period of time, causing a buffer overflow. As a result, users may fail to access the network. To resolve the problem, run the reset arp command to delete invalid ARP entries so that new ARP entries can be created to allow authorized user access.

Prerequisites
  • ARP entries exist on a device.
  • The VPN instance specified by vpn-instance vpn-instance-name exists if this parameter is configured.

Configuration Impact

After an ARP entry is cleared, the mapping between the IP and MAC addresses in the entry is cleared. As a result, users may fail to access the network, and services may be interrupted.

Example

# Clear dynamic ARP entries on 10GE 1/0/1.
<HUAWEI> reset arp interface 10ge 1/0/1
# Clear dynamic ARP entries containing the IP address 10.1.1.1.
<HUAWEI> reset arp interface 10ge 1/0/1 ip 10.1.1.1

reset arp fast-reply statistics

Function

The reset arp fast-reply statistics command clears statistics on fast ARP Reply packets.

Format

reset arp fast-reply slot slot-id statistics

Parameters

Parameter Description Value
slot slot-id Clears statistics on fast ARP Reply packets of a specified stack. -

Views

User view

Default Level

2: Configuration level

Usage Guidelines

Before collecting statistics on fast ARP Reply packets on each interface, you can run the reset arp fast-reply slot slot-id statistics command to clear the existing statistics on fast ARP Reply packets.

Example

# Clear statistics on fast ARP Reply packets on all interfaces in stack 1.
<HUAWEI> reset arp fast-reply slot 1 statistics

reset arp l2-proxy user

Function

The reset arp l2-proxy user command clears Address Resolution Protocol (ARP) snooping binding entries.

NOTE:
CE6880EI does not support the command.

Format

reset arp l2-proxy user vlan vlan-id [ ip ip-address | interface interface-type interface-number ]

Parameters

Parameter Description Value
vlan vlan-id Clears ARP snooping binding entries in a specified VLAN. The value is an integer ranging from 1 to 4094.
ip ip-address Clears the ARP snooping binding entry that contains a specified IP address. The value is in dotted decimal notation.
interface interface-type interface-number Clears ARP snooping binding entries on a specified interface. -

Views

User view

Default Level

2: Configuration level

Usage Guidelines

When ARP attacks occur, the device learns a large number of incorrect ARP snooping binding entries. The incorrect ARP snooping binding entries waste memory resources, and correct ARP snooping binding entries cannot be generated. To resolve this problem, run the reset arp l2-proxy user command to clear ARP snooping binding entries. The memory resources are released to store correct ARP snooping binding entries.

Example

# Clear ARP snooping binding entries in VLAN 10.

<HUAWEI> reset arp l2-proxy user vlan 10

reset arp packet statistics

Function

The reset arp packet statistics command clears the statistics on ARP packets.

Format

reset arp packet statistics [ interface [ interface-type interface-number ] ]

Parameters

Parameter Description Value
interface Clears the statistics about ARP packets sent and received by the Layer 3 interfaces. If the interface parameter is not specified, the statistics on all ARP packets are cleared. -
interface-type interface-number Specifies the type and number of an interface: interface-type specifies the interface type, and interface-number specifies the interface number. If the interface-type interface-number parameters are not specified, the statistics on ARP packets sent and received by all Layer 3 interfaces are cleared. -

Views

User view

Default Level

2: Configuration level

Usage Guidelines

You can run the display arp packet statistics command to display the statistics on ARP packets. To obtain correct statistics, run the reset arp packet statistics command to clear existing statistics first.

Example

# Clear the statistics on all ARP packets.

<HUAWEI> reset arp packet statistics

snmp-agent trap enable feature-name arp

Function

The snmp-agent trap enable feature-name arp command enables the trap function for the ARP module.

The undo snmp-agent trap enable feature-name arp command disables the trap function for the ARP module.

By default, the trap function is enabled for hwethernetarpmacipconflict, hwethernetarpmacipconflictresolved, hwethernetarpipconflictevent, and hwethernetarpspeedlimitalarm, and disabled for the other traps.

Format

snmp-agent trap enable feature-name arp [ trap-name { hwarpmissvlanspeedlimitalarm | hwarpsentrycheck | hwarpsgatewayconflict | hwarpspacketcheck | hwarpvlanspeedlimitalarm | hwethernetarpmacipconflict | hwethernetarpmacipconflictresolved | hwethernetarpspeedlimitalarm | hwethernetarpipconflictevent | hwarpslearnstrictcheck } ]

undo snmp-agent trap enable feature-name arp [ trap-name { hwarpmissvlanspeedlimitalarm | hwarpsentrycheck | hwarpsgatewayconflict | hwarpspacketcheck | hwarpvlanspeedlimitalarm | hwethernetarpmacipconflict | hwethernetarpmacipconflictresolved | hwethernetarpspeedlimitalarm | hwethernetarpipconflictevent | hwarpslearnstrictcheck } ]

Parameters

Parameter Description Value
trap-name Enables the traps for ARP events of the specified types. -
hwarpmissvlanspeedlimitalarm Enables the alarm for the ARP Miss message speed limit based on a specified VLAN. -
hwarpsentrycheck Enables the alarm generated when ARP entries suffer spoofing attacks. -
hwarpsgatewayconflict Enables the alarm for a source IP address conflict between ARP packets and a gateway. -
hwarpspacketcheck Enables the alarm for ARP packet attacks. -
hwarpvlanspeedlimitalarm Enables the alarm for the ARP speed limit based on a specified VLAN. -
hwethernetarpipconflictevent Enables the alarm generated when an IP address conflict occurs. -
hwethernetarpmacipconflict Enables an alarm when the source IP address and MAC address carried in the received ARP packet are the same as those of the interface. -
hwethernetarpmacipconflictresolved Enables an alarm when the source IP address and MAC address carried in the received ARP packet are different from those of the interface. -
hwethernetarpspeedlimitalarm Enables the alarm for the ARP speed limit. -
hwarpslearnstrictcheck Enables the alarm generated when a received ARP packet is not a response to a request packet that the device sent. -

Views

System view

Default Level

3: Management level

Usage Guidelines

If you do not specify trap-name, all traps of the ARP module will be enabled.

Example

# Enable the trap function for the ARP speed limit.

<HUAWEI> system-view
[~HUAWEI] snmp-agent trap enable feature-name arp trap-name hwethernetarpspeedlimitalarm
Updated: 2019-03-21

Document ID: EDOC1000166501
