No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - IP Service

AR100, AR120, AR160, AR1200, AR2200, AR3200, and AR3600 V300R003

This document describes the concepts and configuration procedures of IP Service features on the device, and provides the configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Static ARP

Example for Configuring Static ARP

Networking Requirements

As shown in Figure 2-12, a router connects departments of a company and each department joins different VLANs. Hosts in the headquarters office and the file backup server are allocated manually configured IP addresses, and hosts in departments dynamically obtain IP addresses by using DHCP. Hosts in the marketing department can access the Internet and are often attacked by ARP packets. Attackers attack the router and modify dynamic ARP entries on the router. As a result, communication between hosts in the headquarters office and external devices is interrupted and hosts in departments fail to access the file backup server. The company requires that static ARP entries be configured on the router so that hosts in the headquarters office can communicate with external devices and hosts in departments can access the file backup server.

Figure 2-12  Networking diagram for configuring static ARP

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure static ARP entries for hosts in the headquarters office on the router to prevent ARP entries of the hosts in the headquarters office from being modified in ARP attack packets.
  2. Configure a static ARP entry for the file backup server on the router to prevent the ARP entry of the file backup server from being modified in ARP attack packets.

Procedure

  1. Configure static ARP entries for the host in the headquarters office on the router.

    # Create VLAN10.

    <Huawei> system-view
    [Huawei] sysname Router
    [Router] vlan 10
    [Router-vlan10] quit

    # Add Ethernet2/0/0 to VLAN 10.

    [Router] interface ethernet 2/0/0
    [Router-Ethernet2/0/0] port hybrid tagged vlan 10
    [Router-Ethernet2/0/0] quit

    # Configure an IP address for VLANIF 10.

    [Router] interface vlanif 10
    [Router-Vlanif10] ip address 10.164.1.20 255.255.255.0
    [Router-Vlanif10] quit

    # Configure static ARP entries for the host in the headquarters office. PC A is used as an example. The IP address of PC A is 10.164.1.1 and maps the MAC address 00e0-fc01-0001, the VLAN ID is 10 and the outbound interface is Ethernet2/0/0.

    [Router] arp static 10.164.1.1 00e0-fc01-0001 vid 10 interface ethernet 2/0/0
    

    # Configure static ARP entries for other hosts in the headquarters office. The configuration method is similar to that of PC A.

  2. Configure a static ARP entry for the file backup server on the router.

    # Configure an IP address for GE3/0/0.

    [Router] interface gigabitethernet 3/0/0
    [Router-GigabitEthernet3/0/0] ip address 10.164.10.10 255.255.255.0
    [Router-GigabitEthernet3/0/0] quit

    # Configure a static ARP entry for the file backup server, The IP address 10.164.10.1/24 maps the MAC address 0df0-fc01-003a.

    [Router] arp static 10.164.10.1 0df0-fc01-003a
    [Router] quit

  3. Verify the configuration.

    # Run the display current-configuration command to view static ARP entries.

    <Router> display current-configuration | include arp
     arp static 10.164.1.1 00e0-fc01-0001 vid 10 interface Ethernet 2/0/0
     arp static 10.164.10.1 0df0-fc01-003a
    

Configuration Files

Router configuration file

#
 sysname Router
#
vlan batch 10 20 30
#
interface Ethernet2/0/0
 port hybrid tagged vlan 10
#
interface Vlanif10
 ip address 10.164.1.20 255.255.255.0
#
interface GigabitEthernet3/0/0
 ip address 10.164.10.10 255.255.255.0
# 
 arp static 10.164.1.1 00e0-fc01-0001 vid 10 interface Ethernet 2/0/0
 arp static 10.164.10.1 0df0-fc01-003a
#
return
Translation
Download
Updated: 2019-03-06

Document ID: EDOC1100069333

Views: 33708

Downloads: 169

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next