No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - IP Service

S7700 and S9700 V200R013C00

This document describes the configurations of IP service, including IP address, ARP, DHCP, DNS, mDNS gateway, mDNS relay, UDP Helper, IP performance optimization, IPv6, DHCPv6, IPv6 DNS, IPv6 over IPv4 tunnel and IPv4 over IPv6 tunnel.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Static ARP

Example for Configuring Static ARP

Networking Requirements

In Figure 2-19, the Switch allows connections between departments of an enterprise, and the departments are added to different VLANs.

Figure 2-19  Networking diagram for configuring static ARP

Fixed IP addresses have been manually assigned to the file backup server and hosts in the president's office, and dynamic IP addresses have been assigned to hosts in other departments using DHCP.

Hosts in the marketing department can access the Internet and are often attacked by ARP packets. The Switch is attacked, and the dynamic ARP entries on the Switch are modified. As a result, communication between hosts in the president's office and external devices is interrupted, and hosts in departments fail to access the file backup server.

The company requires that static ARP entries be configured on the Switch to prevent these attacks and ensure normal working service.

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure static ARP entries on the Switch for hosts in the president's office to prevent the ARP entries of the hosts from being modified by ARP attack packets.
  2. Configure a static ARP entry on the Switch for the file backup server to prevent the ARP entry of the file backup server from being modified by ARP attack packets.

Procedure

  1. Create VLANs on the Switch and configure an IP address for each interface.

    # Create VLAN 10, add the interfaces to VLAN 10, and configure an IP address for VLANIF 10.

    <HUAWEI> system-view
    [HUAWEI] sysname Switch
    [Switch] vlan batch 10
    [Switch] interface gigabitethernet 1/0/1
    [Switch-GigabitEthernet1/0/1] port link-type access
    [Switch-GigabitEthernet1/0/1] port default vlan 10
    [Switch-GigabitEthernet1/0/1] quit
    [Switch] interface vlanif 10
    [Switch-Vlanif10] ip address 10.164.1.20 24
    [Switch-Vlanif10] quit

    # Configure GE1/0/2 as the primary interface and configure an IP address for it.

    [Switch] interface gigabitethernet 1/0/2
    [Switch-GigabitEthernet1/0/2] undo portswitch
    [Switch-GigabitEthernet1/0/2] ip address 10.164.10.10 24
    [Switch-GigabitEthernet1/0/2] quit

    # Configure GE1/0/3 as the primary interface and configure an IP address for it.

    [Switch] interface gigabitethernet 1/0/3
    [Switch-GigabitEthernet1/0/3] undo portswitch
    [Switch-GigabitEthernet1/0/3] ip address 10.164.20.1 24
    [Switch-GigabitEthernet1/0/3] quit

  2. Configure static ARP entries on the Switch.

    [Switch] arp static 10.164.1.1 00e0-fc01-0001 vid 10 interface gigabitethernet 1/0/1
    [Switch] arp static 10.164.10.1 0df0-fc01-003a interface gigabitethernet 1/0/2

  3. Verify the configuration.

    # Run the display arp static command to verify the configured static ARP entries.

    [Switch] display arp static
    IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE        INTERFACE   VPN-INSTANCE
                                              VLAN/CEVLAN
    ------------------------------------------------------------------------------
    10.164.1.1      00e0-fc01-0001            S--         GE1/0/1
                                                10/-
    10.164.10.1     0df0-fc01-003a            S--         GE1/0/2
    ------------------------------------------------------------------------------
    Total:2         Dynamic:0       Static:2     Interface:0

    # Ping the IP address 10.164.20.2/24 of the interface on the Router connecting to the Switch from a host (for example, using the IP address 10.164.1.1/24 and Windows 7 operating system) in the president's office. The ping succeeds.

    C:\Documents and Settings\Administrator> ping 10.164.20.2
    Pinging 10.164.20.2 with 32 bytes of data:
    Reply from 10.164.20.2: bytes=32 time=1ms TTL=128
    Reply from 10.164.20.2: bytes=32 time=1ms TTL=128
    Reply from 10.164.20.2: bytes=32 time=1ms TTL=128
    Reply from 10.164.20.2: bytes=32 time=1ms TTL=128
    
    Ping statistics for 10.164.20.2:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 1ms, Maximum = 1ms, Average = 1ms

    # Ping the IP address 10.164.10.10/24 of the file backup server from a host (for example, using the IP address 10.164.2.100/24 and Windows 7 operating system) in the marketing department. The ping succeeds.

    C:\Documents and Settings\Administrator> ping 10.164.10.10
    Pinging 10.164.10.10 with 32 bytes of data:
    Reply from 10.164.10.10: bytes=32 time=1ms TTL=125
    Reply from 10.164.10.10: bytes=32 time=1ms TTL=125
    Reply from 10.164.10.10: bytes=32 time=1ms TTL=125
    Reply from 10.164.10.10: bytes=32 time=1ms TTL=125
    
    Ping statistics for 10.164.10.10:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 1ms, Maximum = 1ms, Average = 1ms

    # Ping the IP address 10.164.10.10/24 of the file backup server from a host (for example, using the IP address 10.164.3.100/24 and Windows 7 operating system) in the R&D department. The ping succeeds.

    C:\Documents and Settings\Administrator> ping 10.164.10.10
    Pinging 10.164.10.10 with 32 bytes of data:
    Reply from 10.164.10.10: bytes=32 time=1ms TTL=125
    Reply from 10.164.10.10: bytes=32 time=1ms TTL=125
    Reply from 10.164.10.10: bytes=32 time=1ms TTL=125
    Reply from 10.164.10.10: bytes=32 time=1ms TTL=125
    
    Ping statistics for 10.164.10.10:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 1ms, Maximum = 1ms, Average = 1ms

Configuration Files

Switch configuration file

#
sysname Switch
#
vlan batch 10
#
interface Vlanif10
 ip address 10.164.1.20 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 10
#
interface GigabitEthernet1/0/2
 undo portswitch
 ip address 10.164.10.10 255.255.255.0
#
interface GigabitEthernet1/0/3
 undo portswitch
 ip address 10.164.20.1 255.255.255.0
#
arp static 10.164.1.1 00e0-fc01-0001 vid 10 interface GigabitEthernet1/0/1
arp static 10.164.10.1 0df0-fc01-003a interface GigabitEthernet1/0/2
#
return
Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100065743

Views: 27243

Downloads: 31

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next