18-ARP Configuration
Chapters Download (133.31 KB)
ARP Address Resolution Process
Configuring a Static ARP Entry
Configuring the Maximum Number of ARP Entries for an Interface
Setting the Aging Time for Dynamic ARP Entries
Introduction to Gratuitous ARP
Displaying and Maintaining ARP
When configuring ARP, go to these sections for information you are interested in:
l Displaying and Maintaining ARP
The Address Resolution Protocol (ARP) is used to resolve an IP address into a data link layer address.
An IP address is the address of a host at the network layer. To send a network layer packet to a destination host at the data link layer, the device must know the data link layer address (such as the MAC address) of the destination host. To this end, the IP address must be resolved into the corresponding data link layer address.
Unless otherwise stated, the data link layer addresses that appear in this chapter refer to the 48-bit Ethernet MAC addresses.
The following explains the fields in Figure 1-1.
l Hardware type: This field specifies the hardware address type. The value “1” represents Ethernet.
l Protocol type: This field specifies the type of the protocol address to be mapped. The hexadecimal value “0x0800” represents IP.
l Hardware address length and protocol address length: They respectively specify the length of a hardware address and a protocol address, in bytes. For an Ethernet address, the value of the hardware address length field is "6”. For an IP(v4) address, the value of the protocol address length field is “4”.
l OP: Operation code. This field specifies the type of ARP message. The value “1” represents an ARP request and “2” represents an ARP reply.
l Sender hardware address: This field specifies the hardware address of the device sending the message.
l Sender protocol address: This field specifies the protocol address of the device sending the message.
l Target hardware address: This field specifies the hardware address of the device the message is being sent to.
l Target protocol address: This field specifies the protocol address of the device the message is being sent to.
Suppose that Host A and Host B are on the same subnet and Host A sends a packet to Host B, as shown in Figure 1-2. The resolution process is as follows:
1) Host A looks into its ARP table to see whether there is an ARP entry for Host B. If yes, Host A uses the MAC address in the entry to encapsulate the IP packet into a data link layer frame and sends the frame to Host B.
2) If Host A finds no entry for Host B, Host A buffers the packet and broadcasts an ARP request, in which the sender IP address and the sender MAC address are the IP address and the MAC address of Host A respectively, and the target IP address and the target MAC address are the IP address of Host B and an all-zero MAC address respectively. Because the ARP request is a broadcast, all hosts on this subnet can receive the request, but only the requested host (namely, Host B) will respond to the request.
3) Host B compares its own IP address with the destination IP address in the ARP request. If they are the same, Host B saves the source IP address and source MAC address in its ARP table, encapsulates its MAC address into an ARP reply, and unicasts the reply to Host A.
4) After receiving the ARP reply, Host A adds the MAC address of Host B to its ARP table. Meanwhile, Host A encapsulates the IP packet and sends it out.
Figure 1-2 ARP address resolution process
If Host A is not on the same subnet with Host B, Host A first sends an ARP request to the gateway. The target IP address in the ARP request is the IP address of the gateway. After obtaining the MAC address of the gateway from an ARP reply, Host A sends the packet to the gateway. If the gateway maintains the ARP entry of Host B, it forwards the packet to Host B directly; if not, it broadcasts an ARP request, in which the target IP address is the IP address of Host B. After obtaining the MAC address of Host B, the gateway sends the packet to Host B.
After obtaining the MAC address for the destination host, the device puts the IP-to-MAC mapping into its own ARP table. This mapping is used for forwarding packets with the same destination in future.
An ARP table contains ARP entries, which fall into one of two categories: dynamic or static.
1) A dynamic entry is automatically created and maintained by ARP. It can get aged, be updated by a new ARP packet, or be overwritten by a static ARP entry. When the aging timer expires or the interface goes down, the corresponding dynamic ARP entry will be removed.
2) A static ARP entry is manually configured and maintained. It cannot get aged or be overwritten by a dynamic ARP entry. It can be permanent or non-permanent.
l A permanent static ARP entry can be directly used to forward packets. When configuring a permanent static ARP entry, you must configure a VLAN and an outbound interface for the entry besides the IP address and the MAC address.
l A non-permanent static ARP entry has only an IP address and a MAC address configured. It cannot be directly used for forwarding data. If a non-permanent static ARP entry matches an IP packet to be forwarded, the device sends an ARP request first. If the sender IP and MAC addresses in the received ARP reply are the same as those in the non-permanent static ARP entry, the device adds the interface receiving the ARP reply to the non-permanent static ARP entry. Then the entry can be used for forwarding IP packets.
Usually ARP dynamically resolves IP addresses to MAC addresses, without manual intervention.
A static ARP entry is effective when the device works normally. However, when a VLAN or VLAN interface to which a static ARP entry corresponds is deleted, the entry, if permanent, will be deleted, and if non-permanent and resolved, will become unresolved.
Follow these steps to configure a static ARP entry:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Configure a permanent static ARP entry |
arp static ip-address mac-address vlan-id interface-type interface-number |
Required No permanent static ARP entry is configured by default. |
|
Configure a non-permanent static ARP entry |
arp static ip-address mac-address |
Required No non-permanent static ARP entry is configured by default. |
The vlan-id argument must be the ID of an existing VLAN which corresponds to the ARP entries. In addition, the Ethernet interface following the argument must belong to that VLAN. A VLAN interface must be created for the VLAN.
Follow these steps to set the maximum number of dynamic ARP entries that an interface can learn:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter Ethernet port/VLAN interface, or Layer 2 aggregate interface view |
interface interface-type interface-number |
— |
|
Set the maximum number of dynamic ARP entries that an interface can learn |
arp max-learning-num number |
Optional 256 by default |
After dynamic ARP entries expire, the system deletes them from the ARP table. You can adjust the aging time for dynamic ARP entries according to the actual network condition.
Follow these steps to set the aging time for dynamic ARP entries:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Set the aging time for dynamic ARP entries |
arp timer aging aging-time |
Optional 20 minutes by default. |
The ARP entry check function disables the device from learning multicast MAC addresses. With the ARP entry check enabled, the device cannot learn any ARP entry with a multicast MAC address, and configuring such a static ARP entry is not allowed; otherwise, the system displays error messages.
After the ARP entry check is disabled, the device can learn the ARP entry with a multicast MAC address, and you can also configure such a static ARP entry on the device.
Follow these steps to enable the ARP entry check:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enable the ARP entry check |
arp check enable |
Optional By default, the device is disabled from learning multicast MAC addresses. |
As shown in Figure 1-3, an OLT device is connected to Switch through interface GigabitEthernet1/1/1 belonging to VLAN 10. The IP address of Switch is 192.168.1.1/24. The MAC address of Switch is 00e0-fc01-0000.
To enhance communication security for the OLT device and Switch, static ARP entries are configured on the OLT device.
Figure 1-3 Network diagram for configuring static ARP entries
Configure Switch
# Create VLAN 10.
<Sysname> system-view
[Sysname] vlan 10
[Sysname-vlan10] quit
# Add interface GigabitEthernet 1/1/1 to VLAN 10.
[Sysname] interface GigabitEthernet 1/1/1
[Sysname-GigabitEthernet1/1/1] port access vlan 10
[Sysname-GigabitEthernet1/1/1] quit
# Create interface VLAN-interace 10 and configure its IP address.
[Sysname] interface vlan-interface 10
[Sysname-vlan-interface10] ip address 192.168.1.2 24
[Sysname-vlan-interface10] quit
# Configure a static ARP entry with IP address 192.168.1.1 and MAC address 00e0-fc01-0000. The outgoing interface corresponding to the static ARP entry is GigabitEthernet1/1/1 belonging to VLAN 10.
[Sysname] arp static 192.168.1.1 00e0-fc01-0000 10 GigabitEthernet 1/1/1
# View information about static ARP entries.
[Sysname] display arp static
Type: S-Static D-Dynamic
IP Address MAC Address VLAN ID Interface Aging Type
192.168.1.1 00e0-fc01-0000 10 GE1/1/1 N/A S
A gratuitous ARP packet is a special ARP packet, in which the sender IP address and the target IP address are both the IP address of the sender, the sender MAC address is the MAC address of the sender, and the target MAC address is an all-zero MAC address.
A device implements the following functions by sending gratuitous ARP packets:
l Determining whether its IP address is already used by another device.
l Informing other devices of its MAC address change so that they can update their ARP entries.
A device receiving a gratuitous ARP packet adds the information carried in the packet to its own dynamic ARP table if it finds no corresponding ARP entry for the ARP packet in the cache.
Follow these steps to configure gratuitous ARP:
|
Use the command… |
Remarks |
|
|
Enter system view |
system-view |
— |
|
Enable the device to send gratuitous ARP packets when receiving ARP requests from another network segment |
gratuitous-arp-sending enable |
Required By default, a device cannot send gratuitous ARP packets when receiving ARP requests from another network segment. |
|
Enable the gratuitous ARP packet learning function |
gratuitous-arp-learning enable |
Optional Enabled by default. |
|
To do… |
Use the command… |
Remarks |
|
Display ARP entries in the ARP table |
display arp [ [ all | dynamic | static ] | vlan vlan-id | interface interface-type interface-number ] [ [ | { begin | exclude | include } regular-expression ] | count ] |
Available in any view
|
|
Display the ARP entry for a specified IP address |
display arp ip-address [ | { begin | exclude | include } regular-expression ] |
Available in any view |
|
Display the aging time for dynamic ARP entries |
display arp timer aging |
Available in any view |
|
Clear ARP entries from the ARP table |
reset arp { all | dynamic | static | interface interface-type interface-number } |
Available in user view |
