Chapter 1 ARP Configuration
When configuring ARP, go to these sections for information you are interested in:
- ARP Overview
- Configuring ARP
- Configuring Gratuitous ARP
- Displaying and Maintaining ARP
1.1 ARP Overview
Address Resolution Protocol (ARP) is used to
resolve an IP address into a data link layer address.
An IP address is the address of a host at
the network layer. To send a network layer packet to a destination host, the
device must know the data link layer address (such as the MAC address) of the destination
host. To this end, the IP address must be resolved into the corresponding data
link layer address.
Unless otherwise stated, the data link layer addresses that appear in this
chapter refer to the 48-bit Ethernet MAC addresses.
1.1.2 ARP Message Format

Figure 1-1 ARP message format
The following explains the fields in Figure 1-1.
- Hardware type: This field specifies the hardware address type. The value “1”
  represents Ethernet.
- Protocol type: This field specifies the type of the protocol address to be
  mapped. The hexadecimal value “0x0800” represents IP.
- Hardware address length and protocol address length: They respectively
  specify the length of a hardware address and a protocol address, in bytes.
  For an Ethernet address, the value of the hardware address length field is
  “6”. For an IP(v4) address, the value of the protocol address length field
  is “4”.
- OP: Operation code. This field specifies the type of ARP message. The value
  “1” represents an ARP request and “2” represents an ARP reply.
- Sender hardware address: This field specifies the hardware address of the
  device sending the message.
- Sender protocol address: This field specifies the protocol address of the
  device sending the message.
- Target hardware address: This field specifies the hardware address of the
  device the message is being sent to.
- Target protocol address: This field specifies the protocol address of the
  device the message is being sent to.
Suppose that Host A and Host B are on the same subnet and that Host A sends a
message to Host B, as shown in Figure 1-2. The resolution process is as follows:
1) Host A looks in its ARP mapping table to see whether there is an ARP entry
   for Host B. If Host A finds it, Host A uses the MAC address in the entry to
   encapsulate the IP packet into a data link layer frame and sends the frame
   to Host B.
2) If Host A finds no entry for Host B, Host A buffers the packet and
   broadcasts an ARP request, in which the source IP address and source MAC
   address are respectively the IP address and MAC address of Host A and the
   destination IP address and MAC address are respectively the IP address of
   Host B and an all-zero MAC address. Because the ARP request is sent in
   broadcast mode, all hosts on this subnet can receive the request, but only
   the requested host (namely, Host B) will process the request.
3) Host B compares its own IP address with the destination IP address in the
   ARP request. If they are the same, Host B saves the source IP address and
   source MAC address into its ARP mapping table, encapsulates its MAC address
   into an ARP reply, and unicasts the reply to Host A.
4) After receiving the ARP reply, Host A adds the MAC address of Host B into
   its ARP mapping table for subsequent packet forwarding. Meanwhile, Host A
   encapsulates the IP packet and sends it out.

Figure 1-2 ARP address resolution process
When Host A and Host B are not on the same
subnet, Host A first sends an ARP request to the gateway. The destination IP
address in the ARP request is the IP address of the gateway. After obtaining
the MAC address of the gateway from an ARP reply, Host A encapsulates the
packet and sends it to the gateway. Subsequently, the gateway broadcasts an
ARP request in which the destination IP address is that of Host B. After
obtaining the MAC address of Host B from another ARP reply, the gateway sends
the packet to Host B.
After obtaining the destination MAC address, the device adds the IP-to-MAC
mapping into its own ARP mapping table. This mapping is used for forwarding
later packets to the same destination.
An ARP mapping table contains ARP entries, which fall into two categories:
dynamic and static.
1) A dynamic entry is automatically created and maintained by ARP. It can age
   out, be updated by a new ARP packet, or be overwritten by a static ARP
   entry. When the aging timer expires or the port goes down, the
   corresponding dynamic ARP entry is removed.
2) A static ARP entry is manually configured and maintained. It cannot age out
   or be overwritten by a dynamic ARP entry. It can be permanent or
   non-permanent.
   - A permanent static ARP entry can be directly used to forward packets.
     When configuring a permanent static ARP entry, you must configure a VLAN
     and outbound port for the entry in addition to the IP address and MAC
     address.
   - A non-permanent static ARP entry cannot be directly used for forwarding
     data. When configuring a non-permanent static ARP entry, you only need to
     configure the IP address and MAC address. When forwarding IP packets, the
     device sends an ARP request. If the source IP and MAC addresses in the
     received ARP reply are the same as the configured IP and MAC addresses,
     the device adds the port receiving the ARP reply into the static ARP
     entry. The entry can then be used for forwarding IP packets.
Usually, ARP resolves IP addresses to MAC addresses dynamically and
automatically, without manual intervention.
1.2 Configuring ARP
A static ARP entry is effective when the
device works normally. However, when a VLAN or VLAN interface to which a static
ARP entry corresponds is deleted, the entry, if permanent, will be deleted, and
if non-permanent and resolved, will become unresolved.
Follow these steps to configure a static
ARP entry:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Configure a permanent static ARP entry | arp static ip-address mac-address vlan-id interface-type interface-number | Required. No permanent static ARP entry is configured by default. |
| Configure a non-permanent static ARP entry | arp static ip-address mac-address | Required. No non-permanent static ARP entry is configured by default. |
Caution: The vlan-id argument must be the ID of an existing VLAN which
corresponds to the ARP entries. In addition, the Ethernet port following the
argument must belong to that VLAN. A VLAN interface must be created for the
VLAN.
1.2.2 Configuring the Maximum Number of ARP Entries for a VLAN Interface
Follow these steps to set the maximum number
of dynamic ARP entries that a VLAN interface can learn:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter VLAN interface view | interface Vlan-interface vlan-id | — |
| Set the maximum number of dynamic ARP entries that a VLAN interface can learn | arp max-learning-num number | Optional. 8192 by default. |
After dynamic ARP entries expire, the
system will delete them from the ARP mapping table. You can adjust the aging
time for dynamic ARP entries according to the actual network condition.
Follow these steps to set aging time for
dynamic ARP entries:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Set aging time for dynamic ARP entries | arp timer aging aging-time | Optional. 20 minutes by default. |
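
The table rules described so far (static entries that dynamic learning cannot
overwrite, the learning limit of a VLAN interface, and aging) can be modelled
as follows. This Python model is an added example, not code from the switch or
its vendor; the class name, the outcome strings, the timer refresh on every
update and the choice to stop learning at the limit are assumptions made for
illustration.

```python
class ArpTable:
    """Model of one VLAN interface's ARP table; not the switch's implementation."""

    def __init__(self, max_learning_num=8192, aging_minutes=20):  # defaults from the page
        self.max_learning_num = max_learning_num
        self.aging_seconds = aging_minutes * 60
        self.entries = {}  # ip -> [mac, "static" or "dynamic", last update in seconds]

    def dynamic_count(self):
        return sum(1 for e in self.entries.values() if e[1] == "dynamic")

    def add_static(self, ip, mac):
        # A static entry overwrites a dynamic one and never ages.
        self.entries[ip] = [mac, "static", None]

    def learn(self, ip, mac, now):
        """Apply the sender IP/MAC of a received ARP packet and report the outcome."""
        cur = self.entries.get(ip)
        if cur and cur[1] == "static":
            # Dynamic learning cannot overwrite a static entry; a mismatch is worth logging.
            return "static-kept" if cur[0] == mac else "static-kept-mac-mismatch"
        if cur is None:
            if self.dynamic_count() >= self.max_learning_num:
                return "limit-reached"  # assumption: learning simply stops at the limit
            self.entries[ip] = [mac, "dynamic", now]
            return "learned"
        changed = cur[0] != mac
        self.entries[ip] = [mac, "dynamic", now]  # assumption: any update restarts the timer
        return "mac-changed" if changed else "refreshed"

    def age(self, now):
        """Remove dynamic entries whose aging timer has expired; return their IPs."""
        expired = [ip for ip, (_, kind, seen) in self.entries.items()
                   if kind == "dynamic" and now - seen >= self.aging_seconds]
        for ip in expired:
            del self.entries[ip]
        return expired

def demo():
    """Constructed scenario: 10-minute aging and a deliberately tiny learning limit."""
    t = ArpTable(max_learning_num=2, aging_minutes=10)
    t.add_static("192.168.1.1", "000f-e201-0000")
    return [
        t.learn("192.168.1.1", "000f-e201-9999", 0),    # contradicts the static entry
        t.learn("192.168.1.20", "000f-e201-0020", 0),
        t.learn("192.168.1.20", "000f-e201-0abc", 60),  # same IP, different MAC
        t.learn("192.168.1.21", "000f-e201-0021", 60),
        t.learn("192.168.1.22", "000f-e201-0022", 60),  # third dynamic entry, over the limit
        t.age(660),
        sorted(t.entries),
    ]
```

The "static-kept-mac-mismatch" and "mac-changed" outcomes are the two events a
monitoring system would want logged, since both mean a received ARP packet
disagreed with a binding the table already held.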
The ARP entry check controls whether the device learns ARP entries with
multicast MAC addresses. With the ARP entry check enabled, the device cannot
learn any ARP entry with a multicast MAC address, and configuring such a
static ARP entry is not allowed either; if you attempt it, the system displays
an error message.
After the ARP entry check is disabled, the device can learn ARP entries with
multicast MAC addresses, and you can also configure such a static ARP entry on
the device.
Follow these steps to enable the ARP entry
check:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enable the ARP entry check | arp check enable | Optional. Enabled by default. |
1.2.5 ARP Configuration Example
I. Network requirements
- Enable the ARP entry check.
- Set the aging time for dynamic ARP entries to 10 minutes.
- Set the maximum number of dynamic ARP entries that VLAN-interface 10 can
  learn to 1000.
- Add a static ARP entry, with the IP address being 192.168.1.1/24, the MAC
  address being 000f-e201-0000, and the outbound port being GigabitEthernet
  1/0/10 of VLAN 10.
II. Configuration procedure
<Sysname> system-view
[Sysname] arp check enable
[Sysname] arp timer aging 10
[Sysname] vlan 10
[Sysname-vlan10] port gigabitethernet 1/0/10
[Sysname-vlan10] quit
[Sysname] interface vlan-interface 10
[Sysname-vlan-interface10] arp max-learning-num 1000
[Sysname-vlan-interface10] quit
[Sysname] arp static 192.168.1.1 000f-e201-0000 10 gigabitethernet1/0/10
1.3 Configuring Gratuitous ARP
1.3.1 Introduction to Gratuitous ARP
A gratuitous ARP packet is a special ARP packet, in which the source IP address
and destination IP address are both the IP address of the sender, the source
MAC address is the MAC address of the sender, and the destination MAC address
is a broadcast address.
A device can implement the following functions by sending gratuitous ARP
packets:
- Determining whether its IP address is already used by another device.
- Informing other devices of its MAC address change so that they can update
  their ARP entries.
A device receiving a gratuitous ARP packet can
add the information carried in the packet to its own dynamic ARP mapping table
if it finds no corresponding ARP entry for the ARP packet in the cache.
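
The following Python example, added here and not part of the original manual,
decodes the ARP message fields listed in section 1.1.2 and flags the two cases
the text singles out: a gratuitous ARP packet (sender and target IP address
equal) and a sender MAC address with the multicast bit set, which is what the
ARP entry check refuses to learn. The function names, finding labels and sample
messages are constructed for illustration; treating the lowest bit of the first
MAC octet as the multicast indicator follows the Ethernet addressing convention.

```python
import socket
import struct

# Field order from the ARP message format: hardware type, protocol type, address
# lengths, OP, then the sender and target hardware/protocol address pairs.
ARP_FMT = "!HHBBH6s4s6s4s"

def mac_text(raw):
    """Format 6 bytes in the manual's notation, e.g. 000f-e201-0000."""
    return "-".join(raw[i:i + 2].hex() for i in range(0, 6, 2))

def parse_arp(payload):
    """Decode an Ethernet/IPv4 ARP message; reject values outside the described format."""
    if len(payload) < struct.calcsize(ARP_FMT):
        raise ValueError("truncated ARP message")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack_from(ARP_FMT, payload)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    if op not in (1, 2):
        raise ValueError("operation code is neither request (1) nor reply (2)")
    return {"op": "request" if op == 1 else "reply",
            "sender_mac": mac_text(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": mac_text(tha), "target_ip": socket.inet_ntoa(tpa)}

def findings(msg):
    """Return the conditions a receiver-side check would note for one message."""
    out = []
    if msg["sender_ip"] == msg["target_ip"]:
        out.append("gratuitous")
    if int(msg["sender_mac"][:2], 16) & 0x01:  # group (multicast/broadcast) bit
        out.append("multicast-sender-mac")
    return out

def build(op, sha, spa, tha, tpa):
    """Pack a sample message; MACs are given as 12 hex digits without separators."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, bytes.fromhex(sha),
                       socket.inet_aton(spa), bytes.fromhex(tha), socket.inet_aton(tpa))

# Constructed sample messages (addresses are illustrative, not captured traffic).
SAMPLES = {
    "request": build(1, "000fe2010001", "192.168.1.10", "000000000000", "192.168.1.1"),
    "gratuitous": build(1, "000fe2010000", "192.168.1.1", "ffffffffffff", "192.168.1.1"),
    "multicast": build(2, "01005e000001", "192.168.1.30", "000fe2010001", "192.168.1.10"),
}
```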
1.3.2 Configuring Gratuitous ARP
Follow these steps to configure gratuitous
ARP:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enable the device to send gratuitous ARP packets when receiving ARP requests from another network segment | gratuitous-arp-sending enable | Required. By default, a device cannot send gratuitous ARP packets when receiving ARP requests from another network segment. |
| Enable the gratuitous ARP packet learning function | gratuitous-arp-learning enable | Required. Enabled by default. |
1.4 Displaying and Maintaining ARP
| To do… | Use the command… | Remarks |
|---|---|---|
| Display the ARP entries in the ARP mapping table | display arp { { all \| dynamic \| static } \| vlan vlan-id \| interface interface-type interface-number } [ \| { begin \| exclude \| include } string \| count ] | Available in any view |
| Display the ARP entries for a specified IP address | display arp ip-address [ \| { begin \| exclude \| include } string ] | Available in any view |
| Display the aging time for dynamic ARP entries | display arp timer aging | Available in any view |
| Clear ARP entries from the ARP mapping table | reset arp { all \| dynamic \| static \| interface interface-type interface-number } | Available in user view |
Executing the reset arp interface interface-type interface-number command only
removes dynamic ARP entries of the specified port. To remove specified static
ARP entries, you need to use the undo arp ip-address command.
Chapter 2 Proxy ARP Configuration
When configuring proxy ARP, go to these sections for information you are
interested in:
- Proxy ARP Overview
- Enabling Proxy ARP
- Displaying and Maintaining Proxy ARP
2.1 Proxy ARP Overview
For an ARP request of a host on a network
to be forwarded to an interface that is on the same network but isolated at
Layer 2 or a host on another network, the device connecting the two physical or
virtual networks must be able to respond to the request. This is achieved by
proxy ARP.
Proxy ARP implements Layer 3 communication between
VLAN interfaces isolated at Layer 2 or located on different networks.
In one of the following cases, you need to enable the local proxy ARP:
- Devices connected to different isolated Layer 2 ports in the same VLAN on a
  switch need to implement Layer 3 communication.
- With the isolate-user-vlan function enabled on a device attached to a
  switch, devices in different secondary VLANs need to implement Layer 3
  communication.
2.2 Enabling Proxy ARP
Follow these steps to enable proxy ARP or
enable local proxy ARP in VLAN interface view:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter VLAN interface view | interface Vlan-interface vlan-id | Required |
| Enable proxy ARP | proxy-arp enable | Required. Disabled by default. |
| Enable local proxy ARP | local-proxy-arp enable | Required. Disabled by default. |

| To do… | Use the command… | Remarks |
|---|---|---|
| Display whether proxy ARP is enabled | display proxy-arp [ interface Vlan-interface vlan-id ] | Available in any view |
| Display whether local proxy ARP is enabled | display local-proxy-arp [ interface Vlan-interface vlan-id ] | Available in any view |
I. Network requirements
Host A and Host D have IP addresses of the
same network segment. Host A belongs to VLAN 1, and Host D belongs to VLAN 2.
Configure proxy ARP on the device to enable the communication between the two
hosts.
II. Network diagram

Figure 2-1 Network diagram for proxy ARP
III. Configuration procedure
# Configure Proxy ARP on the device to enable the communication between Host A
and Host D.
<Switch> system-view
[Switch] vlan 2
[Switch-vlan2] quit
[Switch] interface vlan-interface 1
[Switch-Vlan-interface1] ip address 192.168.10.99 255.255.255.0
[Switch-Vlan-interface1] proxy-arp enable
[Switch-Vlan-interface1] quit
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ip address 192.168.20.99 255.255.255.0
[Switch-Vlan-interface2] proxy-arp enable
[Switch-Vlan-interface2] quit
I. Network requirements
- Host A and Host B belong to the same VLAN, and are connected to
  GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3 of Switch B respectively.
- Switch B is connected to Switch A via GigabitEthernet 1/0/1.
- GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3 isolated at Layer 2 can
  implement Layer 3 communication.
II. Network diagram

Figure 2-2 Network diagram for local proxy ARP between isolated ports
III. Configuration procedure
1) Configure Switch B
# Create VLAN 2 on Switch B, on which GigabitEthernet 1/0/1, GigabitEthernet
1/0/2 and GigabitEthernet 1/0/3 belong to VLAN 2. Host A and Host B are
isolated and unable to exchange Layer 2 packets.
<SwitchB> system-view
[SwitchB] vlan 2
[SwitchB-vlan2] port gigabitethernet 1/0/1
[SwitchB-vlan2] port gigabitethernet 1/0/2
[SwitchB-vlan2] port gigabitethernet 1/0/3
[SwitchB-vlan2] quit
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] port-isolate enable
[SwitchB-GigabitEthernet1/0/2] quit
[SwitchB] interface gigabitethernet 1/0/3
[SwitchB-GigabitEthernet1/0/3] port-isolate enable
[SwitchB-GigabitEthernet1/0/3] quit
2) Configure Switch A
# Configure an IP address of VLAN-interface 2.
[SwitchA] vlan 2
[SwitchA-vlan2] port gigabitethernet 1/0/2
[SwitchA-vlan2] quit
[SwitchA] interface vlan-interface 2
[SwitchA-Vlan-interface2] ip address 192.168.10.100 255.255.0.0
Ping Host B from Host A to verify that the ping fails, which indicates that the
two hosts are isolated at Layer 2.
# Configure local proxy ARP to let Host A and Host B communicate at Layer 3.
[SwitchA-Vlan-interface2] local-proxy-arp enable
[SwitchA-Vlan-interface2] quit
Ping Host B from Host A to verify that the ping succeeds, which indicates that
Layer 3 communication is implemented.