Table of Contents

1 ARP Configuration· 1-1

ARP Overview· 1-1

ARP Function· 1-1

ARP Message Format 1-1

ARP Address Resolution Process· 1-2

ARP Table· 1-3

Configuring ARP· 1-4

Configuring a Static ARP Entry· 1-4

Configuring the Maximum Number of ARP Entries for an Interface· 1-5

Setting the Age Timer for Dynamic ARP Entries· 1-5

Enabling the ARP Entry Check· 1-5

Enabling Natural Mask Support for ARP Requests· 1-5

Displaying and Maintaining ARP· 1-6

ARP Configuration Example· 1-6

2 Configuring Gratuitous ARP· 2-1

Introduction to Gratuitous ARP· 2-1

Configuring Gratuitous ARP· 2-1

Enabling Learning of Gratuitous ARP Packets· 2-1

Enabling Sending of Gratuitous ARP Packets· 2-1

 

 

This chapter includes these sections:

l          ARP Overview

l          Configuring ARP

l          Displaying and Maintaining ARP

l          ARP Configuration Example

ARP Overview

ARP Function

Address Resolution Protocol (ARP) is used to resolve an IP address into a physical address (Ethernet MAC address, for example).

In an Ethernet LAN, when an AP sends data to another device, it uses ARP to translate the IP address of that device to the corresponding MAC address.

 

 

ARP Message Format

ARP messages are classified into ARP requests and ARP replies. Figure 1-1 shows the format of the ARP request/reply. Numbers in the figure refer to field lengths.

Figure 1-1 ARP message format

 

The following explains the fields in Figure 1-1.

l          Hardware type: This field specifies the hardware address type. The value 1 represents Ethernet.

l          Protocol type: This field specifies the type of the protocol address to be mapped. The hexadecimal value 0x0800 represents IP.

l          Hardware address length and protocol address length: They respectively specify the length of a hardware address and a protocol address, in bytes. For an Ethernet address, the value of the hardware address length field is 6. For an IP(v4) address, the value of the protocol address length field is 4.

l          OP: Operation code. This field specifies the type of ARP message. The value 1 represents an ARP request and 2 represents an ARP reply.

l          Sender hardware address: This field specifies the hardware address of the device sending the message.

l          Sender protocol address: This field specifies the protocol address of the device sending the message.

l          Target hardware address: This field specifies the hardware address of the device the message is being sent to.

l          Target protocol address: This field specifies the protocol address of the device the message is being sent to.

ARP Address Resolution Process

Suppose that Host A and Host B are on the same subnet and that Host A sends a message to Host B, as show in Figure 1-2. The resolution process is as follows:

1)        Host A looks in its ARP table to see whether there is an ARP entry for Host B. If Host A finds it, Host A uses the MAC address in the entry to encapsulate the IP packet into a data link layer frame and sends the frame to Host B.

2)        If Host A finds no entry for Host B, Host A buffers the packet and broadcasts an ARP request, in which the source IP address and source MAC address are respectively the IP address and MAC address of Host A and the destination IP address and MAC address are respectively the IP address of Host B and an all-zero MAC address. Because the ARP request is sent in broadcast mode, all hosts on this subnet can receive the request, but only the requested host (namely, Host B) will process the request.

3)        Host B compares its own IP address with the target IP address in the ARP request. If they are the same, Host B saves the sender IP address and sender MAC address into its ARP table, encapsulates its MAC address into an ARP reply, and unicasts the reply to Host A.

4)        After receiving the ARP reply, Host A adds the MAC address of Host B into its ARP table for subsequent packet forwarding. Meanwhile, Host A encapsulates the IP packet and sends it out.

Figure 1-2 ARP address resolution process

 

When Host A and Host B are not on the same subnet, Host A first sends an ARP request to the gateway. The destination IP address in the ARP request is the IP address of the gateway. After obtaining the MAC address of the gateway from an ARP reply, Host A sends it to the gateway. If the gateway maintains the ARP entry of Host B, it forwards the packet to Host B directly; if not, it broadcasts an ARP request, in which the destination IP address is the one of Host B. After obtaining the MAC address of Host B, the gateway sends the packet to Host B.

ARP Table

After obtaining the destination MAC address, the AP adds the IP-to-MAC mapping into its own ARP table. This mapping is used for forwarding packets with the same destination in future.

An ARP table contains ARP entries, which fall into two categories: dynamic and static.

Dynamic ARP entry

A dynamic entry is automatically created and maintained by ARP. It can get aged, be updated by a new ARP packet, or be overwritten by a static ARP entry. When the age timer expires or the interface goes down, the corresponding dynamic ARP entry will be removed.

Static ARP entry

A static ARP entry is manually configured and maintained. It cannot get aged or be overwritten by a dynamic ARP entry.

Using static ARP entries enhances communication security. A static ARP entry specifies a fixed MAC address and IP address. Attack packets cannot modify any static ARP entry.

Static ARP entries can be classified into long and short.

l          A long static ARP entry can be directly used to forward packets. When configuring a long static ARP entry, you must configure a VLAN and outbound interface for the entry besides the IP address and MAC address.

l          A short static ARP entry has only an IP address and MAC address configured. If the outbound interface is a Layer 3 Ethernet interface, the short ARP entry can be directly used for forwarding data; if the outbound interface is a VLAN interface, it cannot be directly used for forwarding data. If a short static ARP entry matches an IP packet to be forwarded, the AP sends an ARP request. If the source IP and MAC addresses in the received ARP reply are the same as those in the short static ARP entry, the AP adds the interface receiving the ARP reply to the short static ARP entry. Then the entry can be used for forwarding IP packets.

 

l          Usually ARP dynamically resolves IP addresses to MAC addresses, without manual intervention.

 

Configuring ARP

Configuring a Static ARP Entry

A static ARP entry is effective when the AP works normally. However, when a VLAN or VLAN interface to which a static ARP entry corresponds is deleted, the entry, if long, will be deleted, and if short and resolved, will become unresolved.

Follow these steps to configure a static ARP entry:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Configure a long static ARP entry	arp static ip-address mac-address vlan-id interface-type interface-number	Required No long static ARP entry is configured by default.
Configure a short static ARP entry	arp static ip-address mac-address	Required No short static ARP entry is configured by default.

 

 

Configuring the Maximum Number of ARP Entries for an Interface

Follow these steps to set the maximum number of dynamic ARP entries that an interface can learn:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enter Ethernet interface view	interface interface-type interface-number	—
Set the maximum number of dynamic ARP entries that an interface can learn	arp max-learning-num number	Optional

 

Setting the Age Timer for Dynamic ARP Entries

Each dynamic ARP entry in the ARP table has an age timer. The age timer of a dynamic ARP entry is reset each time the dynamic ARP entry is used. Dynamic ARP entries that are not used before expiration are deleted from the ARP table. You can adjust the age timer for dynamic ARP entries according to the actual network condition

Follow these steps to set the age timer for dynamic ARP entries:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Set age timer for dynamic ARP entries	arp timer aging aging-time	Optional 20 minutes by default.

 

Enabling the ARP Entry Check

The ARP entry check function disables the AP from learning multicast MAC addresses.

When ARP entry check is enabled, the AP cannot learn any ARP entry with a multicast MAC address, and you cannot configure a static ARP entry with a multicast MAC address on the AP; otherwise, the system displays error messages.

When ARP entry check is disabled, the AP can learn the ARP entry with a multicast MAC address, and you can also configure such a static ARP entry on the AP.

Follow these steps to enable ARP entry check:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enable ARP entry check	arp check enable	Optional By default, the AP is disabled from learning multicast MAC addresses.

 

Enabling Natural Mask Support for ARP Requests

This feature enables the AP to learn the sender IP and MAC addresses in a received ARP request whose sender IP address is on the same classful network as but a different subnet from the IP address of the receiving interface. A classful network refers to a class A, B, or C network.

Suppose that VLAN-interface 10 with IP address 10.10.10.5/24 receives an ARP request from 10.11.11.1/8. Because the subnet address calculated by the AND operation of 10.11.11.1 and the receiving interface’s 24-bit subnet mask is not in the subnet 10.10.10.5/24, VLAN-interface 10 cannot process the ARP packet.

With this feature enabled, the AP calculates the subnet address by using the default mask of the class A network where 10.10.10.5/24 resides. Because 10.10.10.5/24 is on the same class A network as 10.11.11.1/8, VLAN-interface 10 can learn the sender IP and MAC addresses in the request.

Follow these steps to enable natural mask support for ARP requests:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enable natural mask support for ARP requests	naturemask-arp enable	Required Disabled by default.

 

Displaying and Maintaining ARP

To do…	Use the command…	Remarks
Display the ARP entries in the ARP table	display arp [ [ all | dynamic | static ] | vlan vlan-id | interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression | count ]	Available in any view
Display the ARP entry for a specified IP address	display arp ip-address [ | { begin | exclude | include } regular-expression ]	Available in any view
Display the age timer for dynamic ARP entries	display arp timer aging	Available in any view
Clear ARP entries from the ARP table	reset arp { all | dynamic | static | interface interface-type interface-number }	Available in user view

 

 

ARP Configuration Example

Network requirements

l          Enable the ARP entry check.

l          Set the age timer for dynamic ARP entries to 10 minutes.

l          Enable the support for ARP requests from a natural network.

l          Set the maximum number of dynamic ARP entries that VLAN-interface 10 can learn to 32.

l          Add a static ARP entry, with the IP address being 192.168.1.1/24, the MAC address being 00e0-fc01-0000, and the outbound interface being Ethernet 1/0/1 of VLAN 10.

Configuration procedure

<Sysname> system-view

[Sysname] arp check enable

[Sysname] arp timer aging 10

[Sysname] naturemask-arp enable

[Sysname] vlan 10

[Sysname-vlan10] quit

[Sysname] interface ethernet 1/0/1

[Sysname-Ethernet1/0/1] port access vlan 10

[Sysname-Ethernet1/0/1] quit

[Sysname] interface vlan-interface 10

[Sysname-vlan-interface10] arp max-learning-num 32

[Sysname-vlan-interface10] quit

[Sysname] arp static 192.168.1.1 00e0-fc01-0000 10 ethernet 1/0/1

 

This chapter includes these sections:

l          Introduction to Gratuitous ARP

l          Configuring Gratuitous ARP

Introduction to Gratuitous ARP

In a gratuitous ARP packet, the sender IP address and the target IP address are the IP address of the sending device, the sender MAC address is the MAC address of the sending device, and the target MAC address is the broadcast address ff:ff:ff:ff:ff:ff.

An AP sends a gratuitous ARP packet to:

l          Determine whether its IP address is already used by another device, or

l          Informe other devices of the change of its MAC address.

After receiving a gratuitous ARP packet, an AP checks whether a match exists in its ARP table. If no match is found, the AP adds IP-to-MAC mapping information carried in the packet to the ARP table.

Configuring Gratuitous ARP

Enabling Learning of Gratuitous ARP Packets

With this feature enabled, an AP, upon receiving a gratuitous ARP packet adds the sender IP and MAC addresses carried in the packet to its ARP table if no corresponding ARP entry exists. If the corresponding ARP entry is found, the AP updates the ARP entry, regardless of whether learning of gratuitous ARP packets is enabled.

Follow these steps to enable learning of gratuitous ARP packets:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enable learning of gratuitous ARP packets	gratuitous-arp-learning enable	Optional Enabled by default.

 

Enabling Sending of Gratuitous ARP Packets

Follow these steps to enable sending of gratuitous ARP packets:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enable the AP to send gratuitous ARP packets upon receiving ARP requests from another network segment	gratuitous-arp-sending enable	Required By default, an AP does not send gratuitous ARP packets when receiving ARP requests from another network segment.