No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE20E-S2 V800R010C10SPC500 Configuration Guide - IP Services 01

This is NE20E-S2 V800R010C10SPC500 Configuration Guide - IP Services
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Static ARP

Configuring Static ARP

When static ARP is used, mappings between IP addresses and MAC addresses are configured and cannot be changed on hosts or routers. Static ARP entries are always not aged on routers that are working properly.

Usage Scenario

Static ARP entries are manually configured and maintained. They cannot be aged or overwritten by dynamic ARP entries. Configuring static ARP entries improves communication security. When device A communicates with device B using a specified IP address, device A can be configured with a fixed mapping between device B's IP address and MAC address. This mapping will not be changed because devices do not update ARP entries after receiving attack packets. This ensures communication between the two devices.

Static ARP can be used for the following purposes:
  • To enable a local gateway to forward packets with destination IP addresses not on the local network segment.

  • To bind the invalid IP addresses of received ARP messages to a non-existent MAC address so that these ARP messages can be filtered out.

You can deploy static ARP on important network devices like servers to set up static mappings between IP addresses and MAC addresses of the peers communicating with the devices. The static mappings cannot be modified by forged ARP messages, and prevent the devices from responding to illegal ARP request messages. In this way, the devices are protected from network attacks.

NOTE:

Static ARP entries will never be overwritten, but configuring a large number of ARP entries is heavy workload. Therefore, static ARP is applicable to small networks on which host IP addresses seldom change.

Pre-configuration Tasks

Before configuring static ARP, complete the following tasks:

  • Configure physical parameters for interfaces to ensure that the physical status of the interfaces is Up.

  • Configure link layer protocol parameters for interfaces to ensure that the link layer protocol status of the interfaces is Up.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run arp static ip-address mac-address [ vpn-instance vpn-instance-name ]

    A static ARP entry is configured.

    The optional parameters for configuring static ARP on different types of interfaces vary. For details, see the command format of arp static.

  3. Run commit

    The configuration is committed.

Verifying the Configuration of Static ARP

After configuring static ARP, verify the configuration.

  • Run the display arp slot slot-id command to check the ARP entries on the board in a specified slot.

  • Run the display arp vlan vlan-id interface interface-type interface-number command to check the ARP entries for VLANs.

  • Run the display arp track command to check the ARP entries learned by VLANIF interfaces and outbound interface changes.

Run the display arp slot command. The command output shows the ARP entries on the board in a specified slot.

<HUAWEI> display arp slot 1 static
IP ADDRESS      MAC ADDRESS    EXPIRE(M) TYPE        INTERFACE   VPN-INSTANCE
                                         VLAN/CEVLAN PVC
------------------------------------------------------------------------------
10.1.1.1        0000-0a41-0200           S--
                                            3/-
10.1.1.2        0000-0a41-0202           S--
                                            3/-
10.1.1.3        0000-0a41-0204           S--
                                            3/-
------------------------------------------------------------------------------
Total:3         Dynamic:0       Static:3    Interface:0
Redirect:0
Run the display arp vlan command. The command output shows the ARP entries in a specified VLAN.
<HUAWEI> display arp vlan 1 interface gigabitethernet 0/1/1

IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE        INTERFACE   VPN-INSTANCE
                                          VLAN/CEVLAN PVC
------------------------------------------------------------------------------
10.0.0.1        00e0-fcb8-d6b6  19        D-1         GE0/1/0
                                             1/-
------------------------------------------------------------------------------
Total:1         Dynamic:1       Static:0    Interface:0    Remote:0
Redirect:0
Run the display arp track command. The command output shows the ARP entries learned by VLANIF interfaces and outbound interface changes.
<HUAWEI> display arp track

Operate Flags: M - Modify, D - Delete 
---------------------------------------------------------------------------
Op IP-Address  MAC-Address     VLAN   Old-Port   New-Port   System-Time
---------------------------------------------------------------------------
M  10.1.1.1    0001-0001-0001   1000   GE0/1/2  GE0/1/1  08-19 12:10:12
D  120.1.1.100 0003-0003-0003   300               GE0/2/0    08-19 12:12:12
Translation
Download
Updated: 2019-01-02

Document ID: EDOC1100055376

Views: 15758

Downloads: 33

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next