No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - IP Service

S2720, S5700, and S6720 V200R013C00

This document describes the configurations of IP Service, including IP address, ARP, DHCP, DHCP policy VLAN, DNS, mDNS gateway, mDNS relay, UDP Helper, IP performance optimization, IPv6, DHCPv6, IPv6 DNS, IPv6 over IPv4 tunnel, and IPv4 over IPv6 tunnel.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Disabling ARP Learning for Packets with Double VLAN Tags

Disabling ARP Learning for Packets with Double VLAN Tags

Context

If a switch does not need to learn ARP entries from packets with double VLAN tags, you can disable ARP learning for such packets.
In Figure 2-22, users belong to different VLANs and are connected to the gateway router through the switch. The switch is connected to the sub-interface for VLAN termination on the router through VLANIF 100. GE0/0/1 on the switch is configured as a hybrid interface, added to VLAN 10 in untagged mode, and added to VLAN 20 and VLAN 30 in tagged mode. Static ARP binding is configured for user 2 and user 3 on the router, and the inner and outer VLANs are specified.
Figure 2-22  Networking of disabling ARP learning for packets with double VLAN tags

When the router pings the IP address 192.168.1.10 of VLANIF 100 on the switch, the switch learns an ARP entry containing the IP address 192.168.1.20 and VLAN ID 100 of the router's sub-interface.

When the router sends ARP probe packets to a user (for example, user 2) who is not directly connected to the switch, the source IP address in the probe packets is the IP address 192.168.1.20 of the router's sub-interface, and the probe packets contain double VLAN tags. The outer VLAN ID is 100 and the inner VLAN ID is 20. When the probe packets pass through the switch, the switch updates the original ARP entry, and records the outer VLAN ID 100 and inner VLAN ID 20.

By default, the fast ICMP reply function is enabled on the switch. When receiving ICMP request packets, the receiving interface on the switch does not send the packets to the CPU for processing, and instead, directly replies with ICMP reply packets. When the router pings the IP address 192.168.1.10 of VLANIF 100 on the switch, ICMP reply packets match the ARP entry containing the IP address 192.168.1.20, and the ARP entry corresponds to the outer VLAN ID 100 and inner VLAN ID 20. Therefore, ICMP reply packets sent by the switch contain double VLAN tags. When checking the VLAN in received packets, the router detects that the packets contain double VLAN tags instead of one VLAN tag, and discards the packets. Therefore, the router fails to ping the IP address 192.168.1.10 of VLANIF 100 on the switch.

You can disable ARP learning for packets with double VLAN tags on the switch. After this function is disabled, the switch does not learn ARP entries from ARP probe packets with double VLAN tags sent from the router to a user, and does not update the learned ARP entry containing the IP address 192.168.1.20 and VLAN ID 100. The router can always ping the IP address 192.168.1.10 of VLANIF 100 on the switch.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface vlanif vlan-id

    A VLANIF interface is created, and the VLANIF interface view is displayed.

  3. Run arp learning double-tag disable

    ARP learning is disabled for packets with double VLAN tags.

    By default, ARP learning is enabled on a switch for packets with double VLAN tags.

Verifying the Configuration

Run the display this include-default | include arp learning double-tag disable command in the VLANIF interface view to check whether ARP learning is disabled for packets with double VLAN tags.

Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100065678

Views: 30310

Downloads: 226

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next