No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - IP Service

CloudEngine 8800, 7800, 6800, and 5800 V200R002C50

This document describes the configurations of IP Service, including IP address, ARP, DHCP, DNS, IP performance optimization, IPv6, DHCPv6, and IPv6 DNS.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Egress ARP Inspection

Configuring Egress ARP Inspection

Context

NOTE:

CE6880EI does not support the function.

Egress ARP inspection enables the switch to restrict the scope of ARP packet forwarding. This function prevents broadcast of ARP packets in a VLAN and reduces the traffic volume in the VLAN. As shown in Figure 2-14, SwitchB is located between DHCP server and user hosts. All the user hosts belong to VLAN 2 and obtain IP addresses through DHCP.

Figure 2-14  EAI networking

If SwitchB broadcasts ARP Request packets in the VLAN, the traffic volume in the VLAN increases. To reduce network loads in the VLAN, enable EAI in this VLAN on SwitchB. Before enabling EAI in a VLAN, run the dhcp snooping enable command to enable DHCP snooping globally.

After EAI is enabled, the switch matches destination IP addresses of received ARP Request packets with dynamic binding entries generated by DHCP snooping to determine outbound interfaces for the packets. If the destination IP address of an ARP Request packet matches a dynamic binding entry, the switch sends the packet to the outbound interface specified in the binding entry. If the outbound interface is the same as the inbound interface of the ARP Request packet, the switch discards the packet. If the destination IP address matches no binding entry, the switch processes the packet as follows:
  • If the ARP Request packet is sent from a trusted interface, the switch forwards the packet to other trusted interfaces. If there is no other trusted interface, the switch discards the packet.

  • If the ARP Request packet is sent from an untrusted interface, the switch forwards the packet to the trusted interface.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run dhcp snooping enable

    DHCP snooping is globally enabled.

    By default, DHCP snooping is globally disabled on the device.

  3. Run vlan vlan-id

    The VLAN view is displayed.

  4. Run dhcp snooping arp security enable

    EAI is enabled in the VLAN.

    By default, EAI is disabled.

    NOTE:
    • After EAI is enabled, the switch sends all the received ARP Request packets to the CPU for software forwarding, which degrades the ARP packet forwarding performance.

    • EAI and MAC-forced forwarding (MFF) cannot be configured in the same VLAN because the two functions use mutually exclusive ARP mechanisms. MFF uses the proxy ARP mechanism, whereas EAI forwards ARP Request packets.

    • EAI cannot be configured in the super-VLAN.

    • When both EAI and transparent transmission of Layer 2 protocol packets are configured, EAI takes effect preferentially.

  5. Run commit

    The configuration is committed.

Translation
Download
Updated: 2019-03-21

Document ID: EDOC1000166635

Views: 137506

Downloads: 287

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next