When configuring ARP, go to these sections
for information you are interested in:
l
ARP Overview
l
Configuring ARP
l
Configuring Gratuitous ARP
l
Displaying and Maintaining
ARP
1.1 ARP
Overview
Address resolution protocol (ARP) is used
to resolve an IP address into a MAC address.
An IP address is the address of a host at
the network layer. To send a network layer packet to a destination host, the
device must know the MAC address of the destination host. To this end, the IP
address must be resolved into the corresponding MAC address.
Figure 1-1 ARP message format
The following explains the fields in Figure 1-1.
l
Hardware type: This field specifies the type of
a hardware address. The value “1” represents an Ethernet address.
l
Protocol type: This field specifies the type of
the protocol address to be mapped. The hexadecimal value “0x0800”
represents an IP address.
l
Hardware address length and protocol address
length: They respectively specify the length of a hardware address and a
protocol address, in bytes. For an Ethernet address, the value of the hardware
address length field is "6”. For an IP(v4) address, the value of the
protocol address field is “4”.
l
OP: Operation code. This field specifies the
type of ARP message. The value “1” represents an ARP request and
“2” represents an ARP reply.
l
Sender hardware address: This field specifies
the hardware (MAC) address of the device sending the message.
l
Sender protocol address: This field specifies
the IP address of the device sending the message.
l
Target hardware address: This field specifies
the hardware address of the device the message is being sent to.
l
Target protocol address: This field specifies
the IP address of the device the message is being sent to.
Figure 1-2 ARP process
Suppose that Host A and Host B are on the
same subnet and that Host A sends a message to Host B. The resolution process
is as follows:
1)
Host A looks in its ARP mapping table to see
whether there is an ARP entry for Host B. If Host A finds it, Host A uses the
MAC address in the entry to encapsulate the IP packet into a data link layer
frame and sends the frame to Host B.
2)
If Host A finds no entry for Host B, Host A
buffers the packet and broadcasts an ARP request, in which the source IP
address and source MAC address are respectively the IP address and MAC address
of Host A and the destination IP address and MAC address are respectively the
IP address of Host B and an all-zero MAC address. As ARP request packet is
broadcast, an ARP request packet is received by all the hosts in the network
segment. However, only the intended host (host B) processes and responds to it.
3)
Host B compares its own IP address with the
destination IP address in the ARP request. If they are the same, Host B saves
the source IP address and source MAC address into its ARP mapping table,
encapsulates its MAC address into an ARP reply, and unicasts the reply to Host
A.
4)
After receiving the ARP reply, Host A adds the
MAC address of Host B into its ARP mapping table for subsequent packet
forwarding. Meanwhile, Host A encapsulates the IP packet and sends it out.
When Host A and
Host B are not on the same subnet, Host A first sends an ARP request to the
gateway. The destination IP address in the ARP request is the IP address of the
gateway. After obtaining the MAC address of the gateway from an ARP reply, Host
A encapsulates the packet and sends it to the gateway. Subsequently, the
gateway broadcasts the ARP request, in which the destination IP address is the
one of Host B. After obtaining the MAC address of Host B from another ARP
reply, the gateway sends the packet to Host B.
After obtaining the destination MAC
address, the device adds the IP address to MAC address mapping into its own ARP
mapping table, for forwarding packets with the same destination in future.
ARP entries fall into two categories:
dynamic and static.
1)
A dynamic entry is automatically created and
maintained by ARP. It can get aged, be updated by a new ARP packet, or be
overwritten by a static ARP entry. When the aging timer expires or the
interface goes down, the corresponding dynamic ARP entry will be removed.
2)
A static ARP entry is manually configured and
maintained. It cannot get aged or be overwritten by a dynamic ARP entry. It can
be permanent or non-permanent.
l
A permanent static ARP entry can be directly
used to forward data. When configuring a permanent static ARP entry, you must
configure a VLAN and outbound port for the entry besides the IP address and MAC
address.
l
A non-permanent static ARP entry cannot be
directly used for forwarding data. When configuring a non-permanent static ARP
entry, you only need to configure the IP address and MAC address. When
forwarding IP packets, the device sends an ARP request. If the source IP and
MAC addresses in the received ARP reply are the same as the configured IP and
MAC addresses, the device adds the port receiving the ARP reply into the static
ARP entry. Now the entry can be used for forwarding IP packets.
Usually ARP
dynamically implements and automatically seeks mappings from IP addresses to
MAC addresses, without manual intervention.
1.2 Configuring
ARP
Follow these steps to add a static ARP
entry:
|
To do…
|
Use the command…
|
Remarks
|
|
Enter system view
|
system-view
|
—
|
|
Configure a permanent static ARP entry
|
arp static ip-address mac-address [ vlan-id
interface-type interface-number ]
|
Required
No permanent static ARP entry is
configured by default.
|
|
Configure a non-permanent static ARP
entry
|
arp static ip-address mac-address
|
Required
No non-permanent static ARP entry is
configured by default.
|
Caution:
l
A static ARP mapping is effective when the
device works normally. However, when a VLAN or VLAN interface is deleted, the corresponding
ARP entries will be deleted accordingly.
l
The vlan-id argument must be the ID of an
existing VLAN which corresponds to the ARP entries. In addition, the Ethernet
port following the argument must belong to that VLAN. A VLAN interface must be
created for the VLAN.
Follow these steps to set the maximum number
of dynamic ARP entries that a VLAN interface can learn:
|
To do…
|
Use the command…
|
Remarks
|
|
Enter system view
|
system-view
|
—
|
|
Enter VLAN interface view
|
interface vlan-interface vlan-id
|
—
|
|
Set the maximum number
of dynamic ARP entries that a VLAN interface can learn
|
arp max-learning-num number
|
Optional
2048 by default
|
After dynamic ARP entries expire, the
system will delete them from the ARP mapping table. You can adjust the aging
time for dynamic ARP entries according to the actual network condition.
Follow these steps to set aging time for
dynamic ARP entries:
|
To do…
|
Use the command…
|
Remarks
|
|
Enter system view
|
system-view
|
—
|
|
Set aging time for dynamic ARP entries
|
arp timer aging aging-time
|
Optional
20 minutes by default
|
ARP entry check function is used to control
multicast MAC address learning. By default, it is enabled on an S5500-SI
Ethernet switch. That is, the switches do not learn multicast MAC addresses.
Multicast MAC learning is enabled once the ARP entry check function is
disabled.
Follow these steps to enable the ARP entry
check:
|
To do…
|
Use the command…
|
Remarks
|
|
Enter system view
|
system-view
|
—
|
|
Enable the ARP entry check
|
arp check enable
|
Optional
Enabled by default
|
1.2.5 ARP Configuration Example
I. Network requirement
l
Enable the ARP entry check.
l
Set the aging time for dynamic ARP entries to 10
minutes.
l
Add an ARP entry, with the IP address being
192.168.1.1, the MAC address being 00e0-fc01-0000, and the outbound interface
being GigabitEthernet1/0/2 of VLAN 10.
II. Configuration procedure
<Sysname> system-view
[Sysname] arp check enable
[Sysname] arp timer aging 10
[Sysname] vlan 10
[Sysname-vlan10] quit
[Sysname] interface vlan-interface 10
[Sysname- vlan-interface10] quit
[Sysname] interface GigabitEthernet
1/0/2
[Sysname-GigabitEthernet1/0/2] port
access vlan 10
[Sysname-GigabitEthernet1/0/2] quit
[Sysname] arp static 192.168.1.1 00e0-fc01-0000
10 GigabitEthernet1/0/2
1.3 Configuring Gratuitous ARP
A gratuitous ARP
packet is a special ARP packet, in which the source IP address and destination
IP address are both the IP address of the sender.
A device can implement the following
functions by sending gratuitous ARP packets:
l
Determining whether its IP address is already
used by another device.
l
Informing other devices of its MAC address
change so that they can update their ARP entries.
A device receiving a gratuitous ARP packet
can add the information carried in the packet to its own dynamic ARP mapping
table if it finds no corresponding ARP entry for the ARP packet in the cache.
1.3.2 Configuring
Gratuitous ARP
Follow these steps to configure gratuitous
ARP:
|
To do…
|
Use the command…
|
Remarks
|
|
Enter system view
|
system-view
|
—
|
|
Enable the device to send gratuitous ARP
packets
|
gratuitous-arp-sending enable
|
Optional
A device cannot send gratuitous ARP
packets by default.
|
|
Enable the gratuitous ARP packet learning
function
|
gratuitous-arp-learning enable
|
Required
Disabled by default.
|
1.4 Displaying and Maintaining ARP
|
To do…
|
Use the command…
|
Remarks
|
|
Display the ARP entries in the ARP
mapping table
|
display arp { { all | dynamic | static } | vlan
vlan-id | interface interface-type interface-number }
[ [ | { begin | exclude | include } text ]
| count ]
|
Available in any view
|
|
Display the ARP entries for a specified
IP address
|
display arp ip-address [ | { begin | exclude | include
} text ]
|
Available in any view
|
|
Display the aging time for dynamic ARP
entries
|
display arp timer aging
|
Available in any view
|
|
Display the configuration information of
ARP source suppression
|
display arp source-suppression
|
Available in any view
|
|
Clear ARP entries from the ARP mapping
table
|
reset arp {
all | dynamic | static | interface interface-type
interface-number }
|
Available in user view
|
Chapter 2 Proxy ARP Configuration
When configuring proxy ARP, go to these sections for information you
are interested in:
l
Proxy ARP Overview
l
Enabling Proxy ARP
l
Displaying and Maintaining
Proxy ARP
l
Proxy ARP Configuration
Example
2.1 Proxy
ARP Overview
For an ARP request of a host on a network
to be forwarded to an interface that is on the same network but isolated at
Layer 2 or a host on another network, the device connecting the two physical or
virtual networks must be able to respond to the request. This is achieved by
proxy ARP.
Proxy ARP can be divided to proxy ARP and
local proxy ARP.
Within a network segment, hosts connecting
with different VLAN interfaces can communicate with each other through Layer 3
forwarding by using the proxy ARP function.
To realize Layer 3 connectivity, you need
to enable the local proxy ARP function in the following two cases.
l
The Layer 2 port isolation function is enabled
on the switches attached to the S5500-SI series Ethernet switches.
l
The isolated-user-vlan function is enabled on
the switches attached to the S5500-SI series Ethernet switches.
2.2 Enabling
Proxy ARP
Follow these steps to enable proxy ARP in
VLAN interface view/Ethernet interface view or enable local proxy ARP in VLAN
interface view:
|
To do…
|
Use the command…
|
Remarks
|
|
Enter system view
|
system-view
|
—
|
|
Enter VLAN interface view
|
interface vlan-interface vlan-id
|
Required
|
|
Enable proxy ARP
|
proxy-arp enable
|
Required
Disabled by default
|
|
Enable local proxy ARP
|
local-proxy-arp enable
|
Required
Disabled by default
|
2.3 Displaying and Maintaining Proxy ARP
|
To do…
|
Use the command…
|
Remarks
|
|
Display whether proxy ARP is enabled
|
display proxy-arp [ interface vlan-interface vlan-id ]
|
Available in any view
|
|
Display whether local proxy ARP is
enabled
|
display local-proxy-arp [ interface vlan-interface vlan-id ]
|
Available in any view
|
I. Network requirement
PC1 belongs to VLAN1, and PC4 belongs to
VLAN2. Configure proxy ARP on the device to enable the communication between
the two.
II. Network diagram
Figure 2-1 Network diagram for proxy ARP
III. Configuration procedure
# Configure Proxy ARP on the device to
enable the communication between PC 1 and PC 4.
<Sysname> system-view
[Sysname] vlan 1
[Sysname-vlan1] quit
[Sysname] vlan 2
[Sysname-vlan2] quit
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] ip address
192.168.10.99 255.255.255.0
[Sysname-Vlan-interface1] proxy-arp enable
[Sysname-Vlan-interface1] quit
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] ip address
192.168.20.99 255.255.255.0
[Sysname-Vlan-interface2] proxy-arp enable
[Sysname-Vlan-interface2] quit
I. Network requirement
l
PC1 and PC2 belong to the same VLAN, and are
connected to GE1/0/3 and GE1/0/4 of the switch respectively.
l
The switch is connected to the Switch A
(S5500-28C-SI) via GE1/0/2
l
GE1/0/3 and GE1/0/4 isolated at layer 2 can implement
layer 3 communication..
II. Network diagram
Figure 2-2 Network diagram for local
proxy ARP between isolated ports
III. Configuration procedure
1)
Configure the Switch B
# Add GE1/0/2, GE1/0/3 and GE1/0/4 to VLAN
2. PC1 and PC2 are isolated and unable to exchange Layer 2 packets.
For detailed configuration information,
refer to Port Correlation Configuration.
2)
Configure the Switch A (S5500-28C-SI)
# Create VLAN 2, and add GE1/0/1 to VLAN 2.
For detailed configuration information,
refer to VLAN Configuration.
# Create vlan-interface 2 on the Switch A
and configure local proxy ARP to let PC1 and PC2 communicate at Layer 3.
<SwitchA> system-view
[SwitchA] interface vlan-interface 2
[SwitchA-Vlan-interface2]
local-proxy-arp enable
[SwitchA-Vlan-interface2] quit
I. Network requirement
l
Switch A (an S5500-28C-SI Ethernet switch)
connects to Switch B through port GigabitEthernet1/0/1.
l
VLAN 5 on Switch B is an isolate-user-vlan,
which contains the uplink port GigabitEthernet1/0/1 and two secondary VLANs
(VLAN 2 and VLAN 3). Port GigabitEthernet1/0/2 belongs to VLAN2. Port
GigabitEthernet1/0/3 belongs to VLAN3.
l
Layer 3 communication is implemented between
VLAN 2 and VLAN 3.
II. Network diagram
Figure 2-3 Network diagram for local
proxy ARP configuration in isolate-user-vlan
III. Configuration procedure
1)
Configure the Switch B
# Create VLAN 2, VLAN 3, and VLAN 5 on the
Switch B. Add GE1/0/2 to VLAN2, GE1/0/3 to VLAN 3, and GE1/0/1 to VLAN 5. Configure
VLAN5 as the isolate-user-vlan, and VLAN 2 and VLAN 3 as secondary VLANs. Configure
the mappings between isolate-user-vlan and the secondary VLANs.
For detailed configuration information,
refer to VLAN Configuration.
2)
Configure the Switch A ( S5500-28C-SI )
# Create VLAN5 and add GE1/0/1 to it.
Refer to VLAN Configuration for
detailed configuration information
# Create vlan-interface5 on the Router. Configure
local proxy ARP to implement communication between VLAN 2 and VLAN 3.
<SwitchA> system-view
[SwitchA] interface vlan-interface 5
[SwitchA-Vlan-interface5]
local-proxy-arp enable
[SwitchA-Vlan-interface5] quit
