Operation Manual ARP H3C S5500-SI Series Ethernet Switches. Table of Contents


Table of Contents

1.1 ARP Overview
    1.1.1 ARP Function
    1.1.2 ARP Message Format
    1.1.3 ARP Address Resolution Process
    1.1.4 ARP Mapping Table
1.2 Configuring ARP
    1.2.1 Configuring a Static ARP Entry
    1.2.2 Configuring the Maximum Number of ARP Entries for a VLAN Interface
    1.2.3 Setting Aging Time for Dynamic ARP Entries
    1.2.4 Enabling the ARP Entry Check
    1.2.5 ARP Configuration Example
1.3 Configuring Gratuitous ARP
    1.3.1 Introduction to Gratuitous ARP
    1.3.2 Configuring Gratuitous ARP
1.4 Displaying and Maintaining ARP

Chapter 2 Proxy ARP Configuration
2.1 Proxy ARP Overview
2.2 Enabling Proxy ARP
2.3 Displaying and Maintaining Proxy ARP
2.4 Proxy ARP Configuration Examples
    2.4.1 Proxy ARP Configuration Example
    2.4.2 Local Proxy ARP Configuration Example in Case of Port Isolation

When configuring ARP, go to these sections for information you are interested in:

- ARP Overview
- Configuring ARP
- Configuring Gratuitous ARP
- Displaying and Maintaining ARP

1.1 ARP Overview

1.1.1 ARP Function

Address Resolution Protocol (ARP) is used to resolve an IP address into a data link layer address. An IP address is the address of a host at the network layer. To send a network layer packet to a destination host, the device must know the data link layer address (such as the MAC address) of the destination host. To this end, the IP address must be resolved into the corresponding data link layer address.

Note: Unless otherwise stated, the data link layer addresses that appear in this chapter refer to the 48-bit Ethernet MAC addresses.

1.1.2 ARP Message Format

Figure 1-1 ARP message format

The following explains the fields in Figure 1-1.

- Hardware type: This field specifies the hardware address type. The value 1 represents Ethernet.
- Protocol type: This field specifies the type of the protocol address to be mapped. The hexadecimal value 0x0800 represents IP.
- Hardware address length and protocol address length: They respectively specify the length of a hardware address and a protocol address, in bytes. For an Ethernet address, the value of the hardware address length field is 6. For an IP(v4) address, the value of the protocol address length field is 4.
- OP: Operation code. This field specifies the type of ARP message. The value 1 represents an ARP request and 2 represents an ARP reply.
- Sender hardware address: This field specifies the hardware address of the device sending the message.
- Sender protocol address: This field specifies the protocol address of the device sending the message.
- Target hardware address: This field specifies the hardware address of the device the message is being sent to.
- Target protocol address: This field specifies the protocol address of the device the message is being sent to.

1.1.3 ARP Address Resolution Process

Suppose that Host A and Host B are on the same subnet and that Host A sends a message to Host B, as shown in Figure 1-2. The resolution process is as follows:

1) Host A looks in its ARP mapping table to see whether there is an ARP entry for Host B. If Host A finds it, Host A uses the MAC address in the entry to encapsulate the IP packet into a data link layer frame and sends the frame to Host B.
2) If Host A finds no entry for Host B, Host A buffers the packet and broadcasts an ARP request, in which the source IP address and source MAC address are respectively the IP address and MAC address of Host A and the destination IP address and MAC address are respectively the IP address of Host B and an all-zero MAC address. Because the ARP request is sent in broadcast mode, all hosts on this subnet can receive the request, but only the requested host (namely, Host B) will process the request.
3) Host B compares its own IP address with the destination IP address in the ARP request. If they are the same, Host B saves the source IP address and source MAC address into its ARP mapping table, encapsulates its MAC address into an ARP reply, and unicasts the reply to Host A.
4) After receiving the ARP reply, Host A adds the MAC address of Host B into its ARP mapping table for subsequent packet forwarding. Meanwhile, Host A encapsulates the IP packet and sends it out.
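The message layout and the request/reply exchange described above can be reproduced in a few lines of Python. This is an added example, not part of the H3C manual; the host IP and MAC addresses are constructed, and the function names are hypothetical.

```python
import struct
from ipaddress import IPv4Address

# Fixed ARP layout for Ethernet/IPv4, in the field order listed above:
# hardware type, protocol type, hardware length, protocol length, OP,
# sender MAC, sender IP, target MAC, target IP (28 bytes in total).
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FMT)
OP_REQUEST, OP_REPLY = 1, 2


def mac_bytes(text):
    """Convert 'xxxx-xxxx-xxxx' notation (as used on this page) to 6 bytes."""
    return bytes.fromhex(text.replace("-", ""))


def mac_text(raw):
    digits = raw.hex()
    return "-".join(digits[i:i + 4] for i in (0, 4, 8))


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       mac_bytes(sender_mac), IPv4Address(sender_ip).packed,
                       mac_bytes(target_mac), IPv4Address(target_ip).packed)


def parse_arp(payload):
    """Decode an ARP payload; reject anything that is not Ethernet/IPv4."""
    if len(payload) < ARP_LEN:
        raise ValueError("truncated ARP message")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    if op not in (OP_REQUEST, OP_REPLY):
        raise ValueError("unknown OP value %d" % op)
    return {"op": op,
            "sender_mac": mac_text(sha), "sender_ip": str(IPv4Address(spa)),
            "target_mac": mac_text(tha), "target_ip": str(IPv4Address(tpa))}


def answer(request, my_ip, my_mac):
    """Step 3: reply only if the request asks for our own IP address."""
    if request["op"] != OP_REQUEST or request["target_ip"] != my_ip:
        return None
    return build_arp(OP_REPLY, my_mac, my_ip,
                     request["sender_mac"], request["sender_ip"])


# Constructed sample hosts (addresses made up for this example).
HOST_A = ("192.168.1.10", "000f-e201-000a")
HOST_B = ("192.168.1.20", "000f-e201-000b")

# Step 2: Host A broadcasts a request with an all-zero target MAC.
REQUEST = build_arp(OP_REQUEST, HOST_A[1], HOST_A[0],
                    "0000-0000-0000", HOST_B[0])
# Steps 3 and 4: Host B unicasts a reply that carries its own MAC address.
REPLY = answer(parse_arp(REQUEST), HOST_B[0], HOST_B[1])
```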

Figure 1-2 ARP address resolution process

When Host A and Host B are not on the same subnet, Host A first sends an ARP request to the gateway. The destination IP address in the ARP request is the IP address of the gateway. After obtaining the MAC address of the gateway from an ARP reply, Host A encapsulates the packet and sends it to the gateway. Subsequently, the gateway broadcasts an ARP request in which the destination IP address is that of Host B. After obtaining the MAC address of Host B from another ARP reply, the gateway sends the packet to Host B.

1.1.4 ARP Mapping Table

After obtaining the destination MAC address, the device adds the IP-to-MAC mapping into its own ARP mapping table. This mapping is used for forwarding packets with the same destination in future.

An ARP mapping table contains ARP entries, which fall into two categories: dynamic and static.

1) A dynamic entry is automatically created and maintained by ARP. It can get aged, be updated by a new ARP packet, or be overwritten by a static ARP entry. When the aging timer expires or the port goes down, the corresponding dynamic ARP entry will be removed.
2) A static ARP entry is manually configured and maintained. It cannot get aged or be overwritten by a dynamic ARP entry. It can be permanent or non-permanent.

- A permanent static ARP entry can be directly used to forward packets. When configuring a permanent static ARP entry, you must configure a VLAN and outbound port for the entry besides the IP address and MAC address.
- A non-permanent static ARP entry cannot be directly used for forwarding data. When configuring a non-permanent static ARP entry, you only need to configure the IP address and MAC address. When forwarding IP packets, the device sends an ARP request. If the source IP and MAC addresses in the received ARP reply are the same as the configured IP and MAC addresses, the device adds the port receiving the ARP reply into the static ARP entry. Now the entry can be used for forwarding IP packets.

Note: Usually ARP resolves and maintains the mappings from IP addresses to MAC addresses dynamically and automatically, without manual intervention.

1.2 Configuring ARP

1.2.1 Configuring a Static ARP Entry

A static ARP entry is effective when the device works normally. However, when a VLAN or VLAN interface to which a static ARP entry corresponds is deleted, the entry, if permanent, will be deleted, and if non-permanent and resolved, will become unresolved.

Follow these steps to configure a static ARP entry:

- Enter system view: system-view
- Configure a permanent static ARP entry: arp static ip-address mac-address vlan-id interface-type interface-number (No permanent static ARP entry is configured by default.)
- Configure a non-permanent static ARP entry: arp static ip-address mac-address (No non-permanent static ARP entry is configured by default.)

Caution: The vlan-id argument must be the ID of an existing VLAN which corresponds to the ARP entries. In addition, the Ethernet port following the argument must belong to that VLAN. A VLAN interface must be created for the VLAN.

1.2.2 Configuring the Maximum Number of ARP Entries for a VLAN Interface

Follow these steps to set the maximum number of dynamic ARP entries that a VLAN interface can learn:

- Enter system view: system-view
- Enter VLAN interface view: interface Vlan-interface vlan-id
- Set the maximum number of dynamic ARP entries that a VLAN interface can learn: arp max-learning-num number (Optional. 2048 by default.)

1.2.3 Setting Aging Time for Dynamic ARP Entries

After dynamic ARP entries expire, the system will delete them from the ARP mapping table. You can adjust the aging time for dynamic ARP entries according to the actual network condition.

Follow these steps to set aging time for dynamic ARP entries:

- Enter system view: system-view
- Set aging time for dynamic ARP entries: arp timer aging aging-time (Optional. 20 minutes by default.)

1.2.4 Enabling the ARP Entry Check

The ARP entry check controls whether the device can learn ARP entries with multicast MAC addresses. With the ARP entry check enabled, the device cannot learn any ARP entry with a multicast MAC address. Configuring such a static ARP entry is not allowed either; if you try, the system prompts error information.

After the ARP entry check is disabled, the device can learn ARP entries with multicast MAC addresses, and you can also configure such a static ARP entry on the device.

Follow these steps to enable the ARP entry check:

- Enter system view: system-view
- Enable the ARP entry check: arp check enable (Optional. Enabled by default.)

1.2.5 ARP Configuration Example

I. Network requirements

- Enable the ARP entry check.
- Set the aging time for dynamic ARP entries to 10 minutes.
- Set the maximum number of dynamic ARP entries that VLAN-interface 10 can learn to 1000.
- Add a static ARP entry, with the IP address being 192.168.1.1/24, the MAC address being 000f-e201-0000, and the outbound port being GigabitEthernet 1/0/10 of VLAN 10.

II. Configuration procedure

    <Sysname> system-view
    [Sysname] arp check enable
    [Sysname] arp timer aging 10
    [Sysname] vlan 10
    [Sysname-vlan10] port gigabitethernet 1/0/10
    [Sysname-vlan10] quit
    [Sysname] interface vlan-interface 10
    [Sysname-vlan-interface10] arp max-learning-num 1000
    [Sysname-vlan-interface10] quit
    [Sysname] arp static 192.168.1.1 000f-e201-0000 10 gigabitethernet1/0/10

1.3 Configuring Gratuitous ARP

1.3.1 Introduction to Gratuitous ARP

A gratuitous ARP packet is a special ARP packet, in which the source IP address and destination IP address are both the IP address of the sender, the source MAC address is the MAC address of the sender, and the destination MAC address is a broadcast address.

A device can implement the following functions by sending gratuitous ARP packets:

- Determining whether its IP address is already used by another device.
- Informing other devices of its MAC address change so that they can update their ARP entries.

A device receiving a gratuitous ARP packet can add the information carried in the packet to its own dynamic ARP mapping table if it finds no corresponding ARP entry for the ARP packet in the cache.

1.3.2 Configuring Gratuitous ARP

Follow these steps to configure gratuitous ARP:

- Enter system view: system-view
- Enable the device to send gratuitous ARP packets when receiving ARP requests from another network segment: gratuitous-arp-sending enable (By default, a device cannot send gratuitous ARP packets when receiving ARP requests from another network segment.)
- Enable the gratuitous ARP packet learning function: gratuitous-arp-learning enable (Enabled by default.)

1.4 Displaying and Maintaining ARP

- Display the ARP entries in the ARP mapping table: display arp { { all dynamic static } vlan vlan-id interface interface-type interface-number } [ { begin exclude include } string count ] (Available in any view)
- Display the ARP entries for a specified IP address: display arp ip-address [ { begin exclude include } string ] (Available in any view)
- Display the aging time for dynamic ARP entries: display arp timer aging (Available in any view)
- Clear ARP entries from the ARP mapping table: reset arp { all dynamic static interface interface-type interface-number } (Available in user view)

Note: Executing the reset arp interface interface-type interface-number command only removes dynamic ARP entries of the specified port. To remove specified static ARP entries, you need to use the undo arp ip-address command.
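The table rules in this chapter (ARP packets never overwrite a static entry, dynamic entries age out, learning is capped per VLAN interface, and the ARP entry check refuses multicast MAC addresses) are modelled below in Python. This is an added example, not H3C code: the class and method names are hypothetical, only 192.168.1.1 / 000f-e201-0000 and the 10-minute aging time come from 1.2.5, and refreshing the aging timer when an entry is updated is an assumption.

```python
class ArpTable:
    """Toy model of one VLAN interface's ARP mapping table."""

    def __init__(self, max_learning_num=2048, aging_minutes=20, arp_check=True):
        self.max_learning_num = max_learning_num
        self.aging_seconds = aging_minutes * 60
        self.arp_check = arp_check
        self.entries = {}  # ip -> {"mac", "type", "seen"}

    @staticmethod
    def is_multicast(mac):
        # A multicast MAC has the lowest bit of its first octet set.
        return int(mac.replace("-", "")[:2], 16) & 1 == 1

    def add_static(self, ip, mac):
        if self.arp_check and self.is_multicast(mac):
            raise ValueError("ARP entry check: multicast MAC not allowed")
        # A static entry replaces any dynamic entry for the same IP.
        self.entries[ip] = {"mac": mac, "type": "static", "seen": None}

    def age(self, now):
        expired = [ip for ip, e in self.entries.items()
                   if e["type"] == "dynamic"
                   and now - e["seen"] >= self.aging_seconds]
        for ip in expired:
            del self.entries[ip]

    def learn(self, ip, mac, now):
        """Apply the sender IP/MAC of a received ARP packet at time `now`."""
        self.age(now)
        if self.arp_check and self.is_multicast(mac):
            return "rejected-multicast"
        current = self.entries.get(ip)
        if current and current["type"] == "static":
            return "kept-static"  # static entries are never overwritten
        dynamic = sum(1 for e in self.entries.values()
                      if e["type"] == "dynamic")
        if current is None and dynamic >= self.max_learning_num:
            return "limit-reached"
        self.entries[ip] = {"mac": mac, "type": "dynamic", "seen": now}
        return "updated" if current else "learned"


def demo():
    # Limit of 2 (instead of the 1000 used in 1.2.5) keeps the sample short.
    # All addresses except the static entry are constructed.
    table = ArpTable(max_learning_num=2, aging_minutes=10)
    table.add_static("192.168.1.1", "000f-e201-0000")
    results = [
        table.learn("192.168.1.50", "000f-e201-0050", now=0),
        # A conflicting packet rewrites a dynamic entry ...
        table.learn("192.168.1.50", "000f-e201-9999", now=60),
        # ... but leaves the statically bound address untouched.
        table.learn("192.168.1.1", "000f-e201-9999", now=60),
        table.learn("192.168.1.51", "0100-5e00-0001", now=60),
        table.learn("192.168.1.52", "000f-e201-0052", now=60),
        table.learn("192.168.1.53", "000f-e201-0053", now=60),
        # Ten minutes later both dynamic entries have aged out.
        table.learn("192.168.1.53", "000f-e201-0053", now=660),
    ]
    return results, table.entries
```

The second and third calls show the practical difference: the dynamic entry follows whichever packet arrived last, while the static binding keeps its configured MAC address.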

Chapter 2 Proxy ARP Configuration

When configuring proxy ARP, go to these sections for information you are interested in:

- Proxy ARP Overview
- Enabling Proxy ARP
- Displaying and Maintaining Proxy ARP

2.1 Proxy ARP Overview

For an ARP request of a host on a network to be forwarded to an interface that is on the same network but isolated at Layer 2 or a host on another network, the device connecting the two physical or virtual networks must be able to respond to the request. This is achieved by proxy ARP.

Proxy ARP implements Layer 3 communication between VLAN interfaces isolated at Layer 2 or located on different networks.

In one of the following cases, you need to enable the local proxy ARP:

- Devices connected to different isolated Layer 2 ports in the same VLAN on a switch need to implement Layer 3 communication.
- With the isolate-user-vlan function enabled on a device attached to a switch, devices in different secondary VLANs need to implement Layer 3 communication.

2.2 Enabling Proxy ARP

Follow these steps to enable proxy ARP or enable local proxy ARP in VLAN interface view:

- Enter system view: system-view
- Enter VLAN interface view: interface Vlan-interface vlan-id
- Enable proxy ARP: proxy-arp enable (Disabled by default.)
- Enable local proxy ARP: local-proxy-arp enable (Disabled by default.)

2.3 Displaying and Maintaining Proxy ARP

- Display whether proxy ARP is enabled: display proxy-arp [ interface Vlan-interface vlan-id ] (Available in any view)
- Display whether local proxy ARP is enabled: display local-proxy-arp [ interface Vlan-interface vlan-id ] (Available in any view)

2.4 Proxy ARP Configuration Examples

2.4.1 Proxy ARP Configuration Example

I. Network requirements

Host A and Host D have IP addresses of the same network segment. Host A belongs to VLAN 1, and Host D belongs to VLAN 2. Configure proxy ARP on the device to enable the communication between the two hosts.

II. Network diagram

Figure 2-1 Network diagram for proxy ARP (Subnet A: Host A, 192.168.10.100/16, 0000-0c94-36aa, and Host B; Switch: Vlan-int1 192.168.10.99/24 and Vlan-int2 192.168.20.99/24; Subnet B: Host C and Host D, 192.168.20.200/16, 0000-0c94-36dd)

III. Configuration procedure

    # Configure Proxy ARP on the device to enable the communication between Host A and Host D.
    <Switch> system-view
    [Switch] vlan 2
    [Switch-vlan2] quit
    [Switch] interface vlan-interface 1
    [Switch-Vlan-interface1] ip address 192.168.10.99 255.255.255.0
    [Switch-Vlan-interface1] proxy-arp enable
    [Switch-Vlan-interface1] quit
    [Switch] interface vlan-interface 2
    [Switch-Vlan-interface2] ip address 192.168.20.99 255.255.255.0
    [Switch-Vlan-interface2] proxy-arp enable
    [Switch-Vlan-interface2] quit

2.4.2 Local Proxy ARP Configuration Example in Case of Port Isolation

I. Network requirements

- Host A and Host B belong to the same VLAN, and are connected to GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3 of Switch B respectively.
- Switch B is connected to Switch A via GigabitEthernet 1/0/1.
- GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3 isolated at Layer 2 can implement Layer 3 communication.

II. Network diagram

Figure 2-2 Network diagram for local proxy ARP between isolated ports (Switch A: GE1/0/2 in VLAN 2, Vlan-int2 192.168.10.100/16; Switch B: GE1/0/1 to Switch A, GE1/0/2 to Host A 192.168.10.99/16, GE1/0/3 to Host B 192.168.10.200/16)

III. Configuration procedure

1) Configure Switch B

    # Create VLAN 2 on Switch B, on which GigabitEthernet 1/0/1, GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3 belong to VLAN 2. Host A and Host B are isolated and unable to exchange Layer 2 packets.
    <SwitchB> system-view
    [SwitchB] vlan 2
    [SwitchB-vlan2] port gigabitethernet 1/0/1
    [SwitchB-vlan2] port gigabitethernet 1/0/2
    [SwitchB-vlan2] port gigabitethernet 1/0/3
    [SwitchB-vlan2] quit
    [SwitchB] interface gigabitethernet 1/0/2
    [SwitchB-GigabitEthernet1/0/2] port-isolate enable
    [SwitchB-GigabitEthernet1/0/2] quit
    [SwitchB] interface gigabitethernet 1/0/3
    [SwitchB-GigabitEthernet1/0/3] port-isolate enable
    [SwitchB-GigabitEthernet1/0/3] quit

2) Configure Switch A

    # Configure an IP address of VLAN-interface 2.
    [SwitchA] vlan 2
    [SwitchA-vlan2] port gigabitethernet 1/0/2
    [SwitchA-vlan2] quit
    [SwitchA] interface vlan-interface 2
    [SwitchA-Vlan-interface2] ip address 192.168.10.100 255.255.0.0

Ping Host B from Host A to verify that the ping fails, which indicates that the two hosts are isolated at Layer 2.

    # Configure local proxy ARP to let Host A and Host B communicate at Layer 3.
    [SwitchA-Vlan-interface2] local-proxy-arp enable
    [SwitchA-Vlan-interface2] quit

Ping Host B from Host A to verify that the ping succeeds, which indicates that Layer 3 communication is implemented.
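An added example, not part of the H3C manual: a simplified Python model of when a switch answers an ARP request on behalf of another host, using the addresses from the two configuration examples above. The class and function names are hypothetical, and the decision rules are an assumption drawn from the overview in 2.1, not the device's actual implementation.

```python
from ipaddress import ip_address, ip_interface


class VlanInterface:
    def __init__(self, name, address, proxy_arp=False, local_proxy_arp=False):
        self.name = name
        self.iface = ip_interface(address)   # e.g. 192.168.10.99/24
        self.proxy_arp = proxy_arp
        self.local_proxy_arp = local_proxy_arp


def host_arps_directly(host_address, destination):
    """A host ARPs for the destination itself (not for its gateway)
    when the destination falls inside the host's own prefix."""
    return ip_address(destination) in ip_interface(host_address).network


def switch_answers(interfaces, ingress_name, target_ip):
    """Return why the switch replies to an ARP request received on
    `ingress_name`, or None if it stays silent."""
    ingress = next(i for i in interfaces if i.name == ingress_name)
    target = ip_address(target_ip)
    if target == ingress.iface.ip:
        return "own-address"
    if target in ingress.iface.network:
        # Same subnet as the receiving interface: the target would normally
        # answer for itself, so only local proxy ARP makes the switch reply.
        return "local-proxy-arp" if ingress.local_proxy_arp else None
    for other in interfaces:
        if other is not ingress and target in other.iface.network:
            # Target sits behind another VLAN interface of this switch.
            return "proxy-arp" if ingress.proxy_arp else None
    return None


def run_examples():
    # 2.4.1: Host A (192.168.10.100/16) wants Host D (192.168.20.200/16).
    plain = [VlanInterface("Vlan-int1", "192.168.10.99/24"),
             VlanInterface("Vlan-int2", "192.168.20.99/24")]
    proxied = [VlanInterface("Vlan-int1", "192.168.10.99/24", proxy_arp=True),
               VlanInterface("Vlan-int2", "192.168.20.99/24", proxy_arp=True)]
    # 2.4.2: Host A (192.168.10.99/16) wants Host B (192.168.10.200/16);
    # the two access ports on Switch B are isolated at Layer 2.
    isolated = [VlanInterface("Vlan-int2", "192.168.10.100/16")]
    local = [VlanInterface("Vlan-int2", "192.168.10.100/16",
                           local_proxy_arp=True)]
    return {
        # The /16 mask makes Host A treat Host D as on-link, so it ARPs.
        "host_a_arps_for_host_d":
            host_arps_directly("192.168.10.100/16", "192.168.20.200"),
        "2.4.1_before": switch_answers(plain, "Vlan-int1", "192.168.20.200"),
        "2.4.1_after": switch_answers(proxied, "Vlan-int1", "192.168.20.200"),
        "2.4.2_before": switch_answers(isolated, "Vlan-int2", "192.168.10.200"),
        "2.4.2_after": switch_answers(local, "Vlan-int2", "192.168.10.200"),
    }
```

Because the switch answers with its own MAC address in both cases, traffic between the hosts passes through its Layer 3 interface, which is what makes the final ping in each example succeed.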