Login
- Table of Contents
-
- H3C WX3000 Series Unified Switches Switching Engine Command Reference-6W103
- 00-Preface
- 01-CLI Command
- 02-Login Command
- 03-Configuration File Management Command
- 04-VLAN Command
- 05-Auto Detect Command
- 06-Voice VLAN Command
- 07-GVRP Command
- 08-Basic Port Configuration Command
- 09-Link Aggregation Command
- 10-Port Isolation Command
- 11-Port Security-Port Binding Command
- 12-DLDP Command
- 13-MAC Address Table Management Command
- 14-MSTP Command
- 15-802.1x and System Guard Command
- 16-AAA Command
- 17-MAC Address Authentication Command
- 18-IP Address and Performance Command
- 19-DHCP Command
- 20-ACL Command
- 21-QoS-QoS Profile Command
- 22-Mirroring Command
- 23-ARP Command
- 24-SNMP-RMON Command
- 25-Multicast Command
- 26-NTP Command
- 27-SSH Command
- 28-File System Management Command
- 29-FTP-SFTP-TFTP Command
- 30-Information Center Command
- 31-System Maintenance and Debugging Command
- 32-VLAN-VPN Command
- 33-HWPing Command
- 34-DNS Command
- 35-Smart Link-Monitor Link Command
- 36-PoE-PoE Profile Command
- 37-Routing Protocol Command
- 38-UDP Helper Command
- 39-Index
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 23-ARP Command | 51.95 KB |
Table of Contents
arp restricted-forwarding enable
display arp detection statistics interface
gratuitous-arp-learning enable
ARP Configuration Commands
arp check enable
Syntax
arp check enable
undo arp check enable
View
System view
Parameters
None
Description
Use the arp check enable command to enable the ARP entry checking function on a device.
Use the undo arp check enable command to disable the ARP entry checking function.
With the ARP entry checking function enabled, the device cannot learn any ARP entry with a multicast MAC address. Configuring such a static ARP entry is not allowed either; otherwise, the system prompts error information.
After the ARP entry checking function is disabled, the device can learn the ARP entry with a multicast MAC address, and you can also configure such a static ARP entry on the device.
By default, the ARP entry checking function is enabled.
Examples
# Disable the ARP entry checking function.
<device> system-view
System View: return to User View with Ctrl+Z.
[device] undo arp check enable
arp detection enable
arp detection enable
undo arp detection enable
View
VLAN view
Parameters
None
Description
Use the arp detection enable command to enable the ARP attack detection function on all ports in the specified VLAN. When receiving an ARP packet from a port in this VLAN, the device will check the source IP address, source MAC address, number of the receiving port, and the VLAN of the port. If the mapping of the source IP address and source MAC address is not included in the DHCP snooping entries or IP static binding entries, or the number of the receiving port and the VLAN of the port do not match the DHCP snooping entries or IP static binding entries, the ARP packet will be discarded.
Use the undo arp detection enable command to disable the ARP attack detection function on all ports in the specified VLAN.
By default, ARP attack detection is disabled on the device.
Examples
# Enable ARP attack detection on all ports in VLAN 1.
<device> system-view
System View: return to User View with Ctrl+Z.
[device] vlan 1
[device-vlan1] arp detection enable
arp detection trust
Syntax
arp detection trust
undo arp detection trust
View
Ethernet port view
Parameters
None
Description
Use the arp detection trust command to specify the current port as a trusted port, that is, ARP packets received on this port are regarded as legal ARP packets and will not be checked.
Use the undo arp detection trust command to specify the current port as an untrusted port in ARP detection.
By default, a port is an untrusted port in ARP detection.
Examples
# Specify GigabitEthernet 1/0/11 as the trusted port in ARP detection.
<device> system-view
System View: return to User View with Ctrl+Z.
[device] interface gigabitethernet 1/0/11
[device-GigabitEthernet1/0/11] arp detection trust
arp restricted-forwarding enable
Syntax
arp restricted-forwarding enable
undo arp restricted-forwarding enable
View
VLAN view
Parameters
None
Description
Use the arp restricted-forwarding enable command to enable ARP restricted forwarding so that the legal ARP requests received from the specified VLAN are forwarded through configured trusted ports only, and the legal ARP responses are forwarded according to the MAC addresses in the packets, or through trusted ports if the MAC address table contains no such destination MAC addresses.
Use the undo arp restricted-forwarding enable command to disable ARP restricted forwarding.
By default, ARP restricted forwarding is disabled. The device forwards legal ARP packets through all its ports.
Related commands: arp detection enable, arp detection trust
Examples
# Enable ARP restricted forwarding in VLAN 1.
<device> system-view
System View: return to User View with Ctrl+Z.
[device] vlan 1
[device-vlan1] arp restricted-forwarding enable
arp static
Syntax
arp static ip-address mac-address [ vlan-id interface-type interface-number ]
arp static ip-address mac-address vlan-id (in Ethernet port view)
undo arp ip-address
View
System view/Ethernet port view
Parameters
ip-address: IP address contained in the ARP mapping entry to be created/removed.
mac-address: MAC address contained in the ARP mapping entry to be created, in the format of H-H-H.
vlan-id: ID of the VLAN to which the static ARP entry belongs, in the range of 1 to 4,094.
interface-type: Type of the port to which the static ARP entry belongs.
interface-number: Number of the port to which the static ARP entry belongs.
Description
Use the arp static command to create a static ARP entry.
Use the undo arp command to remove an ARP entry.
By default, the system ARP mapping table is empty and the address mapping entries are obtained by ARP dynamically.
Note that:
l Static ARP entries are valid as long as the device operates normally. But some operations, such as removing a VLAN, or removing a port from a VLAN, will make the corresponding ARP entries invalid and therefore removed automatically.
l As for the arp static command, the value of the vlan-id argument must be the ID of an existing VLAN, and the port identified by the interface-type and interface-number arguments must belong to the VLAN.
l Currently, static ARP entries cannot be configured on the ports of an aggregation group.
Related commands: reset arp, display arp.
Examples
# Create a static ARP mapping entry, with the IP address of 202.38.10.2, the MAC address of 000f-e20f-0000. The ARP mapping entry belongs to GigabitEthernet 1/0/1 which belongs to VLAN 1.
<device> system-view
System View: return to User View with Ctrl+Z.
[device] arp static 202.38.10.2 000f-e20f-0000 1 gigabitethernet 1/0/1
arp timer aging
Syntax
arp timer aging aging-time
undo arp timer aging
View
System view
Parameters
aging-time: Aging time (in minutes) of the dynamic ARP entries. This argument ranges from 1 to 1,440.
Description
Use the arp timer aging command to configure the aging time for dynamic ARP entries.
Use the undo arp timer aging command to restore the default.
By default, the aging time for dynamic ARP entries is 20 minutes.
Related commands: display arp timer aging.
Examples
# Configure the aging time to be 10 minutes for dynamic ARP entries.
<device> system-view
System View: return to User View with Ctrl+Z.
[device] arp timer aging 10
display arp
Syntax
display arp [ dynamic | static | ip-address ]
View
Any view
Parameters
dynamic: Displays dynamic ARP entries.
static: Displays static ARP entries.
ip-address: IP address. ARP entries containing the IP address are to be displayed.
Description
Use the display arp command to display specific ARP mapping entries.
If you execute this command with no keyword/argument specified, all the ARP entries are displayed.
Related commands: arp static, reset arp.
Examples
# Display all the ARP entries.
<device> display arp
Type: S-Static D-Dynamic
IP Address MAC Address VLAN ID Port Name / AL ID Aging Type
10.2.72.162 000a-000a-0aaa N/A N/A N/A S
192.168.0.77 0000-e8f5-6a4a 1 GigabitEthernet1/0/2 13 D
192.168.0.2 000d-88f8-4e88 1 GigabitEthernet1/0/2 14 D
192.168.0.200 0014-222c-9d6a 1 GigabitEthernet1/0/2 14 D
192.168.0.45 000d-88f6-44c1 1 GigabitEthernet1/0/2 15 D
192.168.0.110 0011-4301-991e 1 GigabitEthernet1/0/2 15 D
192.168.0.32 0000-e8f5-73ee 1 GigabitEthernet1/0/2 16 D
192.168.0.3 0014-222c-aa69 1 GigabitEthernet1/0/2 16 D
192.168.0.17 000d-88f6-379c 1 GigabitEthernet1/0/2 17 D
192.168.0.115 000d-88f7-9f7d 1 GigabitEthernet1/0/2 18 D
192.168.0.43 000c-760a-172d 1 GigabitEthernet1/0/2 18 D
192.168.0.33 000d-88f6-44ba 1 GigabitEthernet1/0/2 20 D
192.168.0.35 000f-e20f-2181 1 GigabitEthernet1/0/2 20 D
192.168.0.5 000f-3d80-2b38 1 GigabitEthernet1/0/2 20 D
--- 14 entries found ---
Table 1-1 display arp command output description
|
Field |
Description |
|
IP Address |
IP address contained in an ARP entry |
|
MAC Address |
MAC address contained in an ARP entry |
|
VLAN ID |
ID of the VLAN which an ARP entry corresponds to |
|
Port Name / AL ID |
Name of the port which an ARP entry corresponds to |
|
Aging |
Aging time (in minutes) of a dynamic ARP entry |
|
Type |
Type of an ARP entry |
display arp |
Syntax
display arp [ dynamic | static] | { begin | exclude | include } text
View
Any view
Parameters
dynamic: Displays dynamic ARP entries.
static: Displays static ARP entries.
|: Specifies the ARP entries to be displayed using regular expression.
begin: Displays the ARP entries from the first ARP entry that contains the specified string given by the text argument.
exclude: Displays the ARP entries that do not contain the specified string given by the text argument.
include: Displays the ARP entries that contain the specified string given by the text argument.
text: String used to filter ARP entries.
Description
Use the display arp | command to display the ARP entries related to string in a specified way.
Related commands: arp static, reset arp.
Examples
# Display all the ARP entries that contain the string “77”.
<device> display arp | include 77
Type: S-Static D-Dynamic
IP Address MAC Address VLAN ID Port Name / AL ID Aging Type
192.168.0.77 0000-e8f5-6a4a 1 GigabitEthernet1/0/2 12 D
--- 1 entry found ---
# Display all the ARP entries that do not contain the string “68”.
<device> display arp | exclude 68
Type: S-Static D-Dynamic
IP Address MAC Address VLAN ID Port Name / AL ID Aging Type
10.2.72.162 000a-000a-0aaa N/A N/A N/A S
--- 1 entry found ---
Refer to Table 1-1 for the description on the above output information.
display arp count
Syntax
display arp count [ [ dynamic | static ] [ | { begin | exclude | include } text ] | ip-address ]
View
Any view
Parameters
dynamic: Counts the dynamic ARP entries.
static: Counts the static ARP entries.
|: Specifies the ARP entries to be counted using regular expression.
begin: Counts the ARP entries from the first ARP entry that contains the string given by the text argument.
exclude: Counts the ARP entries that do not contain the string given by the text argument.
include: Counts the ARP entries that contain the string given by the text argument.
text: String used to filter ARP entries.
ip-address: IP address. The ARP entries containing the IP address are to be displayed.
Description
Use the display arp count command to display the number of the specified ARP entries. If no parameter is specified, the total number of ARP entries is displayed.
Related commands: arp static, reset arp.
Examples
# Display the total number of ARP entries.
<device> display arp count
14 entries found
display arp detection statistics interface
Syntax
display arp detection statistics interface interface-type interface-number
View
Any view
Parameters
interface-type interface-number: Type and number of a port.
Description
Use the display arp detection statistics interface command to display the statistics about untrusted ARP packets dropped by the specified port.
Examples
# Display the statistics about untrusted ARP packets dropped by GigabitEthernet 1/0/10 on the device.
<device> system-view
System View: return to User View with Ctrl+Z.
[device] display arp detection statistics interface gigabitethernet 1/0/10
ARP DETECTION : ENABLE
ARP PORT TRUST : DISABLE
INVALID ARP PACKETS : 31
Table 1-2 display arp detection statistics interface command output description
|
Field |
Description |
|
ARP DETECTION |
ARP attack detection state: enabled/disabled |
|
ARP PORT TRUST |
ARP trusted port function: enabled/disabled |
|
INVALID ARP PACKETS |
Number of untrusted ARP packets |
display arp timer aging
Syntax
display arp timer aging
View
Any view
Parameters
None
Description
Use the display arp timer aging command to display the setting of the ARP aging time.
Related commands: arp timer aging.
Examples
# Display the setting of the ARP aging time.
<device> display arp timer aging
Current ARP aging time is 20 minute(s)(default)
The displayed information shows that the ARP aging time is set to 20 minutes.
gratuitous-arp-learning enable
Syntax
gratuitous-arp-learning enable
undo gratuitous-arp-learning enable
View
System view
Parameters
None
Description
Use the gratuitous-arp-learning enable command to enable the gratuitous ARP packet learning function.
Use the undo gratuitous-arp-learning enable command to disable the gratuitous ARP packet learning function.
By default, the gratuitous ARP packet learning function is enabled.
Examples
# Enable the gratuitous ARP packet learning function on a device.
<device> system-view
System View: return to User View with Ctrl+Z.
[device] gratuitous-arp-learning enable
reset arp
Syntax
reset arp [ dynamic | static | interface interface-type interface-number ]
View
User view
Parameters
dynamic: Clears dynamic ARP entries.
static: Clears static ARP entries.
interface-type: Port type.
interface-number: Port number.
Description
Use the reset arp command to clear specific ARP entries.
Related commands: arp static, display arp.
Examples
# Clear static ARP entries.
<device> reset arp static
