H3C S3100-52P Command Manual-Release 1602(V1.01)
21-ARP Command
Chapter 1 ARP Configuration Commands
Note:
- The ARP packet rate limit feature is a new feature in this manual. For related commands, refer to arp protective-down recover enable, arp protective-down recover interval, arp rate-limit, and arp rate-limit enable.
- The ARP detection feature is a new feature in this manual. For related commands, refer to arp detection enable, arp detection trust, and display arp detection statistics interface.
1.1 ARP Configuration Commands
1.1.1 arp check enable
Syntax
arp check enable
undo arp check enable
View
System view
Parameters
None
Description
Use the arp check enable command to enable the ARP entry checking function on a switch.
Use the undo arp check enable command to disable the ARP entry checking function.
With the ARP entry checking function enabled, the switch cannot learn any ARP entry with a multicast MAC address. Configuring such a static ARP entry is not allowed either; if you attempt it, the system displays an error message.
After the ARP entry checking function is disabled, the switch can learn the ARP entry with a multicast MAC address, and you can also configure such a static ARP entry on the switch.
By default, the ARP entry checking function is enabled.
Examples
# Disable the ARP entry checking function.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] undo arp check enable
1.1.2 arp detection enable
Syntax
arp detection enable
undo arp detection enable
View
VLAN view
Parameters
None
Description
Use the arp detection enable command to enable the ARP attack detection function on all ports in the specified VLAN. When receiving an ARP packet from a port in this VLAN, the switch will check the source IP address, source MAC address, number of the receiving port, and the VLAN of the port. If the mapping of the source IP address and source MAC address is not included in the DHCP snooping entries or IP static binding entries, or the number of the receiving port and the VLAN of the port do not match the DHCP snooping entries or IP static binding entries, the ARP packet will be discarded.
Use the undo arp detection enable command to disable the ARP attack detection function on all ports in the specified VLAN.
By default, ARP attack detection is disabled on the switch.
Examples
# Enable ARP attack detection on all ports in VLAN 1.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] vlan 1
[Sysname-vlan1] arp detection enable
1.1.3 arp detection trust
Syntax
arp detection trust
undo arp detection trust
View
Ethernet port view
Parameters
None
Description
Use the arp detection trust command to specify the current port as a trusted port, that is, ARP packets received on this port are regarded as legal ARP packets and will not be checked.
Use the undo arp detection trust command to specify the current port as an untrusted port in ARP detection.
By default, a port is an untrusted port in ARP detection.
Examples
# Specify Ethernet 1/0/11 as the trusted port in ARP detection.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet 1/0/11
[Sysname-Ethernet1/0/11] arp detection trust
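The check that arp detection enable performs, together with the trusted-port exemption from arp detection trust, modelled as an added Python example (not H3C code and not part of the original manual). The class and field names are hypothetical, and the binding entry and packets are constructed sample data.

```python
from dataclasses import dataclass, field
from typing import NamedTuple


class Binding(NamedTuple):      # one DHCP snooping or IP static binding entry
    ip: str
    mac: str
    vlan: int
    port: str


class ArpPacket(NamedTuple):    # what the switch inspects on a received ARP packet
    src_ip: str
    src_mac: str
    vlan: int
    port: str                   # receiving port


@dataclass
class ArpDetector:              # hypothetical model, not the switch implementation
    bindings: list
    enabled_vlans: set = field(default_factory=set)   # "arp detection enable"
    trusted_ports: set = field(default_factory=set)   # "arp detection trust"
    invalid: dict = field(default_factory=dict)       # discarded packets per port

    def check(self, pkt: ArpPacket) -> str:
        if pkt.vlan not in self.enabled_vlans:
            return "forward"    # detection is disabled by default
        if pkt.port in self.trusted_ports:
            return "forward"    # trusted port: packet is not checked
        for b in self.bindings:
            same_host = (b.ip, b.mac.lower()) == (pkt.src_ip, pkt.src_mac.lower())
            same_place = (b.vlan, b.port) == (pkt.vlan, pkt.port)
            if same_host and same_place:
                return "forward"
        self.invalid[pkt.port] = self.invalid.get(pkt.port, 0) + 1
        return "discard"


def run_samples():
    # Constructed sample data: one binding, VLAN 1 enabled, one trusted uplink.
    det = ArpDetector(
        bindings=[Binding("192.168.0.77", "0000-e8f5-6a4a", 1, "Ethernet1/0/2")],
        enabled_vlans={1},
        trusted_ports={"Ethernet1/0/11"},
    )
    packets = [
        ArpPacket("192.168.0.77", "0000-e8f5-6a4a", 1, "Ethernet1/0/2"),   # matches binding
        ArpPacket("192.168.0.77", "0000-0000-0bad", 1, "Ethernet1/0/3"),   # wrong MAC for IP
        ArpPacket("192.168.0.77", "0000-e8f5-6a4a", 1, "Ethernet1/0/3"),   # right pair, wrong port
        ArpPacket("192.168.0.99", "0000-0000-0bad", 1, "Ethernet1/0/11"),  # trusted port
        ArpPacket("192.168.0.99", "0000-0000-0bad", 2, "Ethernet1/0/3"),   # VLAN not enabled
    ]
    return [det.check(p) for p in packets], det.invalid


if __name__ == "__main__":
    verdicts, invalid = run_samples()
    print(verdicts, invalid)
```

The fourth packet shows why only ports facing infrastructure you control should be trusted: nothing received there is validated against the binding entries.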
1.1.4 arp protective-down recover enable
Syntax
arp protective-down recover enable
undo arp protective-down recover enable
View
System view
Parameters
None
Description
Use the arp protective-down recover enable command to enable the port state auto-recovery function on the switch.
Use the undo arp protective-down recover enable command to disable the port state auto-recovery function of a switch.
With this function enabled, the switch can automatically bring up a port that has been shut down due to an excessive ARP packet receiving rate after a specified period.
By default, the port state auto-recovery function is disabled.
Examples
# Enable the port state auto-recovery function of the switch.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] arp protective-down recover enable
1.1.5 arp protective-down recover interval
Syntax
arp protective-down recover interval interval
undo arp protective-down recover interval
View
System view
Parameters
interval: Recovery time (in seconds) of a port which is shut down due to an excessive ARP packet receiving rate. The effective range is 10 to 86,400.
Description
Use the arp protective-down recover interval command to specify a recovery interval. After the interval, a port that has been shut down due to an excessive ARP packet receiving rate will be brought up.
Use the undo arp protective-down recover interval command to restore the default.
By default, when the port state auto-recovery function is enabled, the recovery interval is 300 seconds.
Note that:
- You need to enable the port state auto-recovery feature before you can configure the auto-recovery interval.
- If you use the arp protective-down recover interval command to modify the recovery time when the current port has already been shut down due to an excessive ARP packet receiving rate, the previously configured interval applies to the first port state recovery. Starting from the next state recovery, the new recovery interval will take effect.
Examples
# Set the auto-recovery interval to 30 seconds.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] arp protective-down recover enable
[Sysname] arp protective-down recover interval 30
1.1.6 arp rate-limit
Syntax
arp rate-limit rate
undo arp rate-limit
View
Ethernet port view
Parameters
rate: Maximum ARP packet receiving rate on the port, in the range of 10 to 1,024 pps.
Description
Use the arp rate-limit command to specify the maximum ARP packet receiving rate on the port. If a rate is specified, ARP packets exceeding that rate will be discarded.
Use the undo arp rate-limit command to restore the default.
By default, after a port is enabled with the ARP packet rate limit function, the maximum ARP packet receiving rate on the port is 15 pps.
Note that:
You must enable the ARP packet rate limit function before you can specify the maximum ARP packet receiving rate on the port by using the arp rate-limit command.
Examples
# Set the maximum ARP packet receiving rate on Ethernet 1/0/11 to 100 pps.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface ethernet 1/0/11
[Sysname-Ethernet1/0/11] arp rate-limit enable
[Sysname-Ethernet1/0/11] arp rate-limit 100
1.1.7 arp rate-limit enable
Syntax
arp rate-limit enable
undo arp rate-limit enable
View
Ethernet port view
Parameters
None
Description
Use the arp rate-limit enable command to enable the ARP packet rate limit function on the port, that is, to limit the rate of ARP packets passing through the port. ARP packets exceeding the specified rate (the maximum ARP packet rate is 15 pps by default) will be discarded.
Use the undo arp rate-limit enable command to disable the ARP packet rate limit function on the port.
By default, the ARP packet rate limit function is disabled, that is, ARP packet rate is not limited on a port.
Examples
# Enable the ARP packet rate limit function on Ethernet 1/0/11.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet 1/0/11
[Sysname-Ethernet1/0/11] arp rate-limit enable
1.1.8 arp restricted-forwarding enable
Syntax
arp restricted-forwarding enable
undo arp restricted-forwarding enable
View
VLAN view
Parameters
None
Description
Use the arp restricted-forwarding enable command to enable ARP restricted forwarding so that the legal ARP requests received from the specified VLAN are forwarded through configured trusted ports only, and the legal ARP responses are forwarded according to the MAC addresses in the packets, or through trusted ports if the MAC address table contains no such destination MAC addresses.
Use the undo arp restricted-forwarding enable command to disable ARP restricted forwarding.
By default, ARP restricted forwarding is disabled.
Related commands: arp detection enable, arp detection trust
Examples
# Enable ARP restricted forwarding in VLAN 1.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] vlan 1
[Sysname-vlan1] arp restricted-forwarding enable
1.1.9 arp static
Syntax
arp static ip-address mac-address [ vlan-id interface-type interface-number ]
arp static ip-address mac-address vlan-id (in Ethernet port view)
undo arp ip-address
View
System view, Ethernet port view
Parameters
ip-address: IP address contained in the ARP mapping entry to be created/removed.
mac-address: MAC address contained in the ARP mapping entry to be created, in the format of H-H-H.
vlan-id: ID of the VLAN to which the static ARP entry belongs, in the range of 1 to 4,094.
interface-type: Type of the port to which the static ARP entry belongs.
interface-number: Number of the port to which the static ARP entry belongs.
Description
Use the arp static command to create a static ARP entry.
Use the undo arp command to remove an ARP entry.
By default, the system ARP mapping table is empty and the address mapping entries are obtained by ARP dynamically.
Note that:
- Static ARP entries are valid as long as the Ethernet switch operates normally. However, some operations, such as removing a VLAN or removing a port from a VLAN, make the corresponding ARP entries invalid, and those entries are then removed automatically.
- For the arp static command, the value of the vlan-id argument must be the ID of an existing VLAN, and the port identified by the interface-type and interface-number arguments must belong to the VLAN.
- Currently, static ARP entries cannot be configured on the ports of an aggregation group.
Related commands: reset arp, display arp.
Examples
# Create a static ARP mapping entry with the IP address 202.38.10.2 and the MAC address 000f-e20f-0000. The ARP mapping entry belongs to Ethernet 1/0/1, which belongs to VLAN 1.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] arp static 202.38.10.2 000f-e20f-0000 1 Ethernet 1/0/1
1.1.10 arp timer aging
Syntax
arp timer aging aging-time
undo arp timer aging
View
System view
Parameters
aging-time: Aging time (in minutes) of the dynamic ARP entries. This argument ranges from 1 to 1,440.
Description
Use the arp timer aging command to configure the aging time for dynamic ARP entries.
Use the undo arp timer aging command to restore the default.
By default, the aging time for dynamic ARP entries is 20 minutes.
Related commands: display arp timer aging.
Examples
# Configure the aging time to be 10 minutes for dynamic ARP entries.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] arp timer aging 10
1.1.11 display arp
Syntax
display arp [ dynamic | static | ip-address ]
View
Any view
Parameters
dynamic: Displays dynamic ARP entries.
static: Displays static ARP entries.
ip-address: IP address. ARP entries containing the IP address are to be displayed.
Description
Use the display arp command to display specific ARP entries.
If you execute this command with no keyword/argument specified, all the ARP entries are displayed.
Related commands: arp static, reset arp.
Examples
# Display all the ARP entries.
<Sysname> display arp
Type: S-Static D-Dynamic
IP Address       MAC Address     VLAN ID  Port Name / AL ID  Aging  Type
10.2.72.162      000a-000a-0aaa  N/A      N/A                N/A    S
192.168.0.77     0000-e8f5-6a4a  1        Ethernet1/0/2      13     D
192.168.0.2      000d-88f8-4e88  1        Ethernet1/0/2      14     D
192.168.0.200    0014-222c-9d6a  1        Ethernet1/0/2      14     D
192.168.0.45     000d-88f6-44c1  1        Ethernet1/0/2      15     D
192.168.0.110    0011-4301-991e  1        Ethernet1/0/2      15     D
192.168.0.32     0000-e8f5-73ee  1        Ethernet1/0/2      16     D
192.168.0.3      0014-222c-aa69  1        Ethernet1/0/2      16     D
192.168.0.17     000d-88f6-379c  1        Ethernet1/0/2      17     D
192.168.0.115    000d-88f7-9f7d  1        Ethernet1/0/2      18     D
192.168.0.43     000c-760a-172d  1        Ethernet1/0/2      18     D
192.168.0.33     000d-88f6-44ba  1        Ethernet1/0/2      20     D
192.168.0.35     000f-e20f-2181  1        Ethernet1/0/2      20     D
192.168.0.5      000f-3d80-2b38  1        Ethernet1/0/2      20     D
--- 14 entries found ---
Table 1-1 Description on the fields of the display arp command
Field | Description |
---|---|
IP Address | IP address contained in an ARP entry |
MAC Address | MAC address contained in an ARP entry |
VLAN ID | ID of the VLAN which an ARP entry corresponds to |
Port Name / AL ID | Port which an ARP entry corresponds to |
Aging | Aging time (in minutes) of an ARP entry. N/A is displayed for static ARP entries. |
Type | Type of an ARP entry: D for dynamic, and S for static. |
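A parser for the display arp output format described in Table 1-1, as an added Python example that is not part of the original manual. It checks the parsed row count against the footer and flags entries with a multicast MAC address, which per the arp check enable description can only be learned or configured while ARP entry checking is disabled. The function names are hypothetical, and the last data row of the sample is constructed.

```python
import re

# One data row: IP, MAC in H-H-H format, VLAN ID, port, aging, type.
ROW = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{4}-){2}[0-9a-f]{4})\s+"
    r"(\S+)\s+(\S+)\s+(\S+)\s+([SD])$", re.IGNORECASE)
FOOTER = re.compile(r"^---\s+(\d+)\s+(?:entry|entries)\s+found\s+---$")

# First three rows are taken from the manual's example; the last is constructed.
SAMPLE = """\
Type: S-Static D-Dynamic
IP Address MAC Address VLAN ID Port Name / AL ID Aging Type
10.2.72.162 000a-000a-0aaa N/A N/A N/A S
192.168.0.77 0000-e8f5-6a4a 1 Ethernet1/0/2 13 D
192.168.0.2 000d-88f8-4e88 1 Ethernet1/0/2 14 D
192.168.0.250 0100-5e00-00fb 1 Ethernet1/0/2 14 D
--- 4 entries found ---
"""


def parse_display_arp(text):
    """Return (entries, count reported in the footer or None)."""
    entries, reported = [], None
    for line in text.splitlines():
        line = line.strip()
        row = ROW.match(line)
        if row:
            ip, mac, vlan, port, aging, typ = row.groups()
            entries.append({"ip": ip, "mac": mac.lower(), "vlan": vlan,
                            "port": port, "aging": aging, "type": typ.upper()})
            continue
        footer = FOOTER.match(line)
        if footer:
            reported = int(footer.group(1))
    return entries, reported


def is_multicast(mac):
    # The group bit is the least significant bit of the first octet.
    return int(mac[:2], 16) & 1 == 1


def audit(text):
    entries, reported = parse_display_arp(text)
    return {
        "parsed": len(entries),
        # False means rows were lost or the capture was truncated.
        "count_matches_footer": reported == len(entries),
        "multicast": [e for e in entries if is_multicast(e["mac"])],
    }


if __name__ == "__main__":
    print(audit(SAMPLE))
```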
1.1.12 display arp |
Syntax
display arp [ dynamic | static ] | { begin | exclude | include } regular-expression
View
Any view
Parameters
dynamic: Displays dynamic ARP entries.
static: Displays static ARP entries.
|: Uses a regular expression to specify the ARP entries to be displayed. For detailed information about regular expressions, refer to Configuration File Management Command in this manual.
begin: Displays the first ARP entry containing the specified string and all subsequent ARP entries.
exclude: Displays the ARP entries that do not contain the specified string.
include: Displays the ARP entries containing the specified string.
regular-expression: A case-sensitive character string.
Description
Use the display arp | command to display the ARP entries selected by the specified string, according to the begin, exclude, or include keyword.
Related commands: arp static, reset arp.
Examples
# Display all the ARP entries that contain the string 77.
<Sysname> display arp | include 77
Type: S-Static D-Dynamic
IP Address       MAC Address     VLAN ID  Port Name / AL ID  Aging  Type
192.168.0.77     0000-e8f5-6a4a  1        Ethernet1/0/2      12     D
--- 1 entry found ---
# Display all the ARP entries that do not contain the string 68.
<Sysname> display arp | exclude 68
Type: S-Static D-Dynamic
IP Address       MAC Address     VLAN ID  Port Name / AL ID  Aging  Type
10.2.72.162      000a-000a-0aaa  N/A      N/A                N/A    S
--- 1 entry found ---
Refer to Table 1-1 for the description on the above output information.
1.1.13 display arp count
Syntax
display arp count [ [ dynamic | static ] [ | { begin | exclude | include } regular-expression ] | ip-address ]
View
Any view
Parameters
dynamic: Counts the dynamic ARP entries.
static: Counts the static ARP entries.
|: Uses a regular expression as the match criterion. For detailed information about regular expressions, refer to Configuration File Management Command in this manual.
begin: Displays the number of ARP entries counted from the first one containing the specified string.
exclude: Displays the number of ARP entries that do not contain the specified string.
include: Displays the number of ARP entries containing the specified string.
regular-expression: A case-sensitive character string.
ip-address: IP address. The ARP entries containing the IP address are to be displayed.
Description
Use the display arp count command to display the number of the specified ARP entries. If no parameter is specified, the total number of ARP entries is displayed.
Related commands: arp static, reset arp.
Examples
# Display the total number of ARP entries.
<Sysname> display arp count
14 entries found
1.1.14 display arp detection statistics interface
Syntax
display arp detection statistics interface interface-type interface-number
View
Any view
Parameters
interface-type interface-number: Type and number of a port.
Description
Use the display arp detection statistics interface command to display the ARP attack detection state, the ARP trusted port state, and the number of discarded invalid ARP packets (those that failed to pass ARP attack detection) on the specified port.
If ARP attack detection is disabled, the statistics of ARP trusted port state and discarded invalid ARP packets will not be displayed.
Examples
# Display ARP detection statistics on Ethernet 1/0/10.
<Sysname> display arp detection statistics interface ethernet1/0/10
ARP DETECTION : ENABLE
ARP PORT TRUST : DISABLE
INVALID ARP PACKETS : 31
Table 1-2 Description on the fields of the display arp detection statistics interface command
Field | Description |
---|---|
ARP DETECTION | ARP attack detection state: enabled/disabled |
ARP PORT TRUST | ARP trusted port state: enabled/disabled |
INVALID ARP PACKETS | Number of discarded invalid ARP packets (those that failed to pass ARP attack detection) |
1.1.15 display arp timer aging
Syntax
display arp timer aging
View
Any view
Parameters
None
Description
Use the display arp timer aging command to display the setting of the ARP aging time.
Related commands: arp timer aging.
Examples
# Display the setting of the ARP aging time.
<Sysname> display arp timer aging
Current ARP aging time is 20 minute(s)(default)
The displayed information shows that the ARP aging time is set to 20 minutes.
1.1.16 gratuitous-arp-learning enable
Syntax
gratuitous-arp-learning enable
undo gratuitous-arp-learning enable
View
System view
Parameters
None
Description
Use the gratuitous-arp-learning enable command to enable the gratuitous ARP packet learning function. Then, a switch receiving a gratuitous ARP packet can add the IP and MAC addresses carried in the packet to its own dynamic ARP table if it finds no corresponding ARP entry for the ARP packet in the cache.
Use the undo gratuitous-arp-learning enable command to disable the gratuitous ARP packet learning function.
By default, the gratuitous ARP packet learning function is disabled.
Examples
# Enable the gratuitous ARP packet learning function on a switch.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] gratuitous-arp-learning enable
1.1.17 reset arp
Syntax
reset arp [ dynamic | static | interface interface-type interface-number ]
View
User view
Parameters
dynamic: Clears dynamic ARP entries.
static: Clears static ARP entries.
interface interface-type interface-number: Clears ARP entries of the specified port.
Description
Use the reset arp command to clear specific ARP entries.
Related commands: arp static, display arp.
Examples
# Clear static ARP entries.
<Sysname> reset arp static