Login
- Table of Contents
-
- H3C S5500-SI Series Ethernet Switches Operation Manual-Release 1205-(V1.03)
- 00-1Cover
- 00-2Overview
- 01-Login Operation
- 02-Basic System Configuration and Maintenance Operation
- 03-File System Management Operation
- 04-VLAN Operation
- 05-QinQ-BPDU TUNNEL Operation
- 06-Port Correlation Configuration Operation
- 07-MAC Address Table Management Operation
- 08-MSTP Operation
- 09-IP Address and Performance Operation
- 10-IPv6 Configuration Operation
- 11-Routing Overview Operation
- 12-IPV4 Routing Operation
- 13-IPv6 Routing Operation
- 14-802.1x-HABP-MAC Authentication Operation
- 15-AAA-RADIUS-HWTACACS Operation
- 16-Multicast Protocol Operation
- 17-ARP Operation
- 18-DHCP Operation
- 19-ACL Operation
- 20-QoS Operation
- 21-Port Mirroring Operation
- 22-Cluster Operation
- 23-SNMP-RMON Operation
- 24-NTP Operation
- 25-DNS Operation
- 26-Information Center Operation
- 27-NQA Operation
- 28-SSH Terminal Service Operation
- 29-UDP Helper Operation
- 30-SSL-HTTPS Operation
- 31-PKI Operation
- 32-PoE-PoE Profile Operation
- 33-Appendix
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 17-ARP Operation | 533 KB |
Table of Contents
1.2.1 Adding a Static ARP Entry
1.2.2 Setting the Maximum Number of ARP Entries for a VLAN Interface
1.2.3 Setting Aging Time for Dynamic ARP Entries
1.2.4 Enabling the ARP Entry Check
1.2.5 ARP Configuration Example
1.3 Configuring Gratuitous ARP
1.3.1 Introduction to Gratuitous ARP
1.3.2 Configuring Gratuitous ARP
1.4 Displaying and Maintaining ARP
Chapter 2 Proxy ARP Configuration
2.3 Displaying and Maintaining Proxy ARP
2.4 Proxy ARP Configuration Example
2.4.1 Proxy ARP Configuration Example
2.4.2 Local Proxy ARP Configuration Example in Case of Port Isolation
2.4.3 Local Proxy ARP Configuration Example in Isolate-user-vlan
Chapter 1 ARP Configuration
When configuring ARP, go to these sections for information you are interested in:
l Displaying and Maintaining ARP
1.1 ARP Overview
1.1.1 ARP Function
Address resolution protocol (ARP) is used to resolve an IP address into a MAC address.
An IP address is the address of a host at the network layer. To send a network layer packet to a destination host, the device must know the MAC address of the destination host. To this end, the IP address must be resolved into the corresponding MAC address.
1.1.2 ARP Message Format
The following explains the fields in Figure 1-1.
l Hardware type: This field specifies the type of a hardware address. The value “1” represents an Ethernet address.
l Protocol type: This field specifies the type of the protocol address to be mapped. The hexadecimal value “0x0800” represents an IP address.
l Hardware address length and protocol address length: They respectively specify the length of a hardware address and a protocol address, in bytes. For an Ethernet address, the value of the hardware address length field is "6”. For an IP(v4) address, the value of the protocol address field is “4”.
l OP: Operation code. This field specifies the type of ARP message. The value “1” represents an ARP request and “2” represents an ARP reply.
l Sender hardware address: This field specifies the hardware (MAC) address of the device sending the message.
l Sender protocol address: This field specifies the IP address of the device sending the message.
l Target hardware address: This field specifies the hardware address of the device the message is being sent to.
l Target protocol address: This field specifies the IP address of the device the message is being sent to.
1.1.3 ARP Process
Suppose that Host A and Host B are on the same subnet and that Host A sends a message to Host B. The resolution process is as follows:
1) Host A looks in its ARP mapping table to see whether there is an ARP entry for Host B. If Host A finds it, Host A uses the MAC address in the entry to encapsulate the IP packet into a data link layer frame and sends the frame to Host B.
2) If Host A finds no entry for Host B, Host A buffers the packet and broadcasts an ARP request, in which the source IP address and source MAC address are respectively the IP address and MAC address of Host A and the destination IP address and MAC address are respectively the IP address of Host B and an all-zero MAC address. As ARP request packet is broadcast, an ARP request packet is received by all the hosts in the network segment. However, only the intended host (host B) processes and responds to it.
3) Host B compares its own IP address with the destination IP address in the ARP request. If they are the same, Host B saves the source IP address and source MAC address into its ARP mapping table, encapsulates its MAC address into an ARP reply, and unicasts the reply to Host A.
4) After receiving the ARP reply, Host A adds the MAC address of Host B into its ARP mapping table for subsequent packet forwarding. Meanwhile, Host A encapsulates the IP packet and sends it out.
& Note:
When Host A and Host B are not on the same subnet, Host A first sends an ARP request to the gateway. The destination IP address in the ARP request is the IP address of the gateway. After obtaining the MAC address of the gateway from an ARP reply, Host A encapsulates the packet and sends it to the gateway. Subsequently, the gateway broadcasts the ARP request, in which the destination IP address is the one of Host B. After obtaining the MAC address of Host B from another ARP reply, the gateway sends the packet to Host B.
1.1.4 ARP Mapping Table
After obtaining the destination MAC address, the device adds the IP address to MAC address mapping into its own ARP mapping table, for forwarding packets with the same destination in future.
ARP entries fall into two categories: dynamic and static.
1) A dynamic entry is automatically created and maintained by ARP. It can get aged, be updated by a new ARP packet, or be overwritten by a static ARP entry. When the aging timer expires or the interface goes down, the corresponding dynamic ARP entry will be removed.
2) A static ARP entry is manually configured and maintained. It cannot get aged or be overwritten by a dynamic ARP entry. It can be permanent or non-permanent.
l A permanent static ARP entry can be directly used to forward data. When configuring a permanent static ARP entry, you must configure a VLAN and outbound port for the entry besides the IP address and MAC address.
l A non-permanent static ARP entry cannot be directly used for forwarding data. When configuring a non-permanent static ARP entry, you only need to configure the IP address and MAC address. When forwarding IP packets, the device sends an ARP request. If the source IP and MAC addresses in the received ARP reply are the same as the configured IP and MAC addresses, the device adds the port receiving the ARP reply into the static ARP entry. Now the entry can be used for forwarding IP packets.
& Note:
Usually ARP dynamically implements and automatically seeks mappings from IP addresses to MAC addresses, without manual intervention.
1.2 Configuring ARP
1.2.1 Adding a Static ARP Entry
Follow these steps to add a static ARP entry:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Configure a permanent static ARP entry |
arp static ip-address mac-address [ vlan-id interface-type interface-number ] |
Required No permanent static ARP entry is configured by default. |
|
Configure a non-permanent static ARP entry |
arp static ip-address mac-address |
Required No non-permanent static ARP entry is configured by default. |
Caution:
l A static ARP mapping is effective when the device works normally. However, when a VLAN or VLAN interface is deleted, the corresponding ARP entries will be deleted accordingly.
l The vlan-id argument must be the ID of an existing VLAN which corresponds to the ARP entries. In addition, the Ethernet port following the argument must belong to that VLAN. A VLAN interface must be created for the VLAN.
1.2.2 Setting the Maximum Number of ARP Entries for a VLAN Interface
Follow these steps to set the maximum number of dynamic ARP entries that a VLAN interface can learn:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter VLAN interface view |
interface vlan-interface vlan-id |
— |
|
Set the maximum number of dynamic ARP entries that a VLAN interface can learn |
arp max-learning-num number |
Optional 2048 by default |
1.2.3 Setting Aging Time for Dynamic ARP Entries
After dynamic ARP entries expire, the system will delete them from the ARP mapping table. You can adjust the aging time for dynamic ARP entries according to the actual network condition.
Follow these steps to set aging time for dynamic ARP entries:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Set aging time for dynamic ARP entries |
arp timer aging aging-time |
Optional 20 minutes by default |
1.2.4 Enabling the ARP Entry Check
ARP entry check function is used to control multicast MAC address learning. By default, it is enabled on an S5500-SI Ethernet switch. That is, the switches do not learn multicast MAC addresses. Multicast MAC learning is enabled once the ARP entry check function is disabled.
Follow these steps to enable the ARP entry check:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enable the ARP entry check |
arp check enable |
Optional Enabled by default |
1.2.5 ARP Configuration Example
I. Network requirement
l Enable the ARP entry check.
l Set the aging time for dynamic ARP entries to 10 minutes.
l Add an ARP entry, with the IP address being 192.168.1.1, the MAC address being 00e0-fc01-0000, and the outbound interface being GigabitEthernet1/0/2 of VLAN 10.
II. Configuration procedure
<Sysname> system-view
[Sysname] arp check enable
[Sysname] arp timer aging 10
[Sysname] vlan 10
[Sysname-vlan10] quit
[Sysname] interface vlan-interface 10
[Sysname- vlan-interface10] quit
[Sysname] interface GigabitEthernet 1/0/2
[Sysname-GigabitEthernet1/0/2] port access vlan 10
[Sysname-GigabitEthernet1/0/2] quit
[Sysname] arp static 192.168.1.1 00e0-fc01-0000 10 GigabitEthernet1/0/2
1.3 Configuring Gratuitous ARP
1.3.1 Introduction to Gratuitous ARP
A gratuitous ARP packet is a special ARP packet, in which the source IP address and destination IP address are both the IP address of the sender.
A device can implement the following functions by sending gratuitous ARP packets:
l Determining whether its IP address is already used by another device.
l Informing other devices of its MAC address change so that they can update their ARP entries.
A device receiving a gratuitous ARP packet can add the information carried in the packet to its own dynamic ARP mapping table if it finds no corresponding ARP entry for the ARP packet in the cache.
1.3.2 Configuring Gratuitous ARP
Follow these steps to configure gratuitous ARP:
|
Use the command… |
Remarks |
|
|
Enter system view |
system-view |
— |
|
Enable the device to send gratuitous ARP packets |
gratuitous-arp-sending enable |
Optional A device cannot send gratuitous ARP packets by default. |
|
Enable the gratuitous ARP packet learning function |
gratuitous-arp-learning enable |
Required Disabled by default. |
1.4 Displaying and Maintaining ARP
|
To do… |
Use the command… |
Remarks |
|
Display the ARP entries in the ARP mapping table |
display arp { { all | dynamic | static } | vlan vlan-id | interface interface-type interface-number } [ [ | { begin | exclude | include } text ] | count ] |
Available in any view |
|
Display the ARP entries for a specified IP address |
display arp ip-address [ | { begin | exclude | include } text ] |
Available in any view |
|
Display the aging time for dynamic ARP entries |
display arp timer aging |
Available in any view |
|
Display the configuration information of ARP source suppression |
display arp source-suppression |
Available in any view |
|
Clear ARP entries from the ARP mapping table |
reset arp { all | dynamic | static | interface interface-type interface-number } |
Available in user view |
Chapter 2 Proxy ARP Configuration
When configuring proxy ARP, go to these sections for information you are interested in:
l Displaying and Maintaining Proxy ARP
l Proxy ARP Configuration Example
2.1 Proxy ARP Overview
For an ARP request of a host on a network to be forwarded to an interface that is on the same network but isolated at Layer 2 or a host on another network, the device connecting the two physical or virtual networks must be able to respond to the request. This is achieved by proxy ARP.
Proxy ARP can be divided to proxy ARP and local proxy ARP.
Within a network segment, hosts connecting with different VLAN interfaces can communicate with each other through Layer 3 forwarding by using the proxy ARP function.
To realize Layer 3 connectivity, you need to enable the local proxy ARP function in the following two cases.
l The Layer 2 port isolation function is enabled on the switches attached to the S5500-SI series Ethernet switches.
l The isolated-user-vlan function is enabled on the switches attached to the S5500-SI series Ethernet switches.
2.2 Enabling Proxy ARP
Follow these steps to enable proxy ARP in VLAN interface view/Ethernet interface view or enable local proxy ARP in VLAN interface view:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter VLAN interface view |
interface vlan-interface vlan-id |
Required |
|
Enable proxy ARP |
proxy-arp enable |
Required Disabled by default |
|
Enable local proxy ARP |
local-proxy-arp enable |
Required Disabled by default |
2.3 Displaying and Maintaining Proxy ARP
|
To do… |
Use the command… |
Remarks |
|
Display whether proxy ARP is enabled |
display proxy-arp [ interface vlan-interface vlan-id ] |
Available in any view |
|
Display whether local proxy ARP is enabled |
display local-proxy-arp [ interface vlan-interface vlan-id ] |
Available in any view |
2.4 Proxy ARP Configuration Example
2.4.1 Proxy ARP Configuration Example
I. Network requirement
PC1 belongs to VLAN1, and PC4 belongs to VLAN2. Configure proxy ARP on the device to enable the communication between the two.
II. Network diagram
Figure 2-1 Network diagram for proxy ARP
III. Configuration procedure
# Configure Proxy ARP on the device to enable the communication between PC 1 and PC 4.
<Sysname> system-view
[Sysname] vlan 1
[Sysname-vlan1] quit
[Sysname] vlan 2
[Sysname-vlan2] quit
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] ip address 192.168.10.99 255.255.255.0
[Sysname-Vlan-interface1] proxy-arp enable
[Sysname-Vlan-interface1] quit
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] ip address 192.168.20.99 255.255.255.0
[Sysname-Vlan-interface2] proxy-arp enable
[Sysname-Vlan-interface2] quit
2.4.2 Local Proxy ARP Configuration Example in Case of Port Isolation
I. Network requirement
l PC1 and PC2 belong to the same VLAN, and are connected to GE1/0/3 and GE1/0/4 of the switch respectively.
l The switch is connected to the Switch A (S5500-28C-SI) via GE1/0/2
l GE1/0/3 and GE1/0/4 isolated at layer 2 can implement layer 3 communication..
II. Network diagram
Figure 2-2 Network diagram for local proxy ARP between isolated ports
III. Configuration procedure
1) Configure the Switch B
# Add GE1/0/2, GE1/0/3 and GE1/0/4 to VLAN 2. PC1 and PC2 are isolated and unable to exchange Layer 2 packets.
For detailed configuration information, refer to Port Correlation Configuration.
2) Configure the Switch A (S5500-28C-SI)
# Create VLAN 2, and add GE1/0/1 to VLAN 2.
For detailed configuration information, refer to VLAN Configuration.
# Create vlan-interface 2 on the Switch A and configure local proxy ARP to let PC1 and PC2 communicate at Layer 3.
<SwitchA> system-view
[SwitchA] interface vlan-interface 2
[SwitchA-Vlan-interface2] local-proxy-arp enable
[SwitchA-Vlan-interface2] quit
2.4.3 Local Proxy ARP Configuration Example in Isolate-user-vlan
I. Network requirement
l Switch A (an S5500-28C-SI Ethernet switch) connects to Switch B through port GigabitEthernet1/0/1.
l VLAN 5 on Switch B is an isolate-user-vlan, which contains the uplink port GigabitEthernet1/0/1 and two secondary VLANs (VLAN 2 and VLAN 3). Port GigabitEthernet1/0/2 belongs to VLAN2. Port GigabitEthernet1/0/3 belongs to VLAN3.
l Layer 3 communication is implemented between VLAN 2 and VLAN 3.
II. Network diagram
Figure 2-3 Network diagram for local proxy ARP configuration in isolate-user-vlan
III. Configuration procedure
1) Configure the Switch B
# Create VLAN 2, VLAN 3, and VLAN 5 on the Switch B. Add GE1/0/2 to VLAN2, GE1/0/3 to VLAN 3, and GE1/0/1 to VLAN 5. Configure VLAN5 as the isolate-user-vlan, and VLAN 2 and VLAN 3 as secondary VLANs. Configure the mappings between isolate-user-vlan and the secondary VLANs.
For detailed configuration information, refer to VLAN Configuration.
2) Configure the Switch A ( S5500-28C-SI )
# Create VLAN5 and add GE1/0/1 to it.
Refer to VLAN Configuration for detailed configuration information
# Create vlan-interface5 on the Router. Configure local proxy ARP to implement communication between VLAN 2 and VLAN 3.
<SwitchA> system-view
[SwitchA] interface vlan-interface 5
[SwitchA-Vlan-interface5] local-proxy-arp enable
[SwitchA-Vlan-interface5] quit
