No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - IP Service

AR100, AR120, AR160, AR1200, AR2200, AR3200, and AR3600 V300R003

This document describes the concepts and configuration procedures of IP Service features on the device, and provides the configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Static ARP

Configuring Static ARP

To improve communication security, static ARP entries will not be aged or overridden by dynamic ARP entries.

Context

Static ARP entries protect the ARP table against malicious modification. However, the configuration workload is heavy. Static ARP entries are not suitable for a network where IP addresses of hosts may change, and are suitable for a small-sized network.

You can configure static ARP entries manually or using automatic scanning and fixed ARP. When there are fewer static ARP entries, configure them manually. When there are a large number of static ARP entries and the IP addresses in the entries are on the same network segment with the VLANIF interface IP addresses, use automatic scanning and fixed ARP to configure the static ARP entries.

NOTE:

If the outbound interface is an Ethernet interface in Layer 2 mode, you are advised to configure a long static ARP entry. Specify the VLAN and outbound interface when configuring the entry.

When a device is connected to an NLB cluster and multi-interface ARP is used, you can configure only short static ARP entries. For details, see Configuring Multi-Interface ARP.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run arp static ip-address mac-address [ vpn-instance vpn-instance-name ]arp static ip-address mac-address vid vlan-id [ cevid ce-vid ] interface interface-type interface-number

    or

    A static ARP entry is configured.

    • For Layer 3 physical interfaces and Layer 3 Eth-Trunk interfaces, run the arp static ip-address mac-address command to configure static ARPentries.
    • For VLANIF interfaces and Dot1q termination sub-interfaces, run the arp static ip-address mac-address vid vlan-id interface interface-type interface-number command to configure static ARP entries.
    • For QinQ termination sub-interfaces, run the arp static ip-address mac-address vid vlan-id cevid ce-vid interface interface-type interface-number command to configure static ARP mapping entries with double tags. vid specified in this command must be the same as pe-vid in the qinq termination pe-vid ce-vid command, and ce-vid must be within the value range of ce-vid in the qinq termination pe-vid ce-vid command.
    • For interfaces bound to a VPN instance:
      • For Layer 3 physical interfaces and Layer 3 Eth-Trunk interfaces, run the arp static ip-address mac-address vpn-instance vpn-instance-name command to configure static ARP entries.
      • For VLANIF interfaces and Dot1q termination sub-interfaces, run the arp static ip-address mac-address vid vlan-id interface interface-type interface-number command to configure static ARP entries.
      • For QinQ termination sub-interfaces, run the arp static ip-address mac-address vid vlan-id cevid ce-vid interface interface-type interface-number command to configure static ARP mapping entries with double tags. vid specified in this command must be the same as pe-vid in the qinq termination pe-vid ce-vid command, and ce-vid must be within the value range of ce-vid in the qinq termination pe-vid ce-vid command.

Verifying the Configuration

  • Run the display arp [ all | brief ] command to check all ARP mapping entries.

  • Run the display arp network net-number net-mask [ dynamic | static ] command to check ARP mapping entries of a specified network segment.

  • Run the display arp static command to check static ARP mapping entries.

  • Run the display arp interface interface-type interface-number [ vid vlan-id [ cevid cevlan-id ] ] command to check ARP mapping entries of a specified interface.

  • Run the display arp vpn-instance vpn-instance-name static command to check static ARP mapping entries of a specified VPN instance.

Translation
Download
Updated: 2019-03-06

Document ID: EDOC1100069333

Views: 33341

Downloads: 167

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next