Contents

Configuring ARP· 1

Overview·· 1

ARP message format 1

ARP operating mechanism·· 1

ARP table· 2

Configuring a static ARP entry· 3

Configuring a multiport ARP entry· 4

Setting the maximum number of dynamic ARP entries for a device· 4

Setting the maximum number of dynamic ARP entries for an interface· 5

Setting the aging timer for dynamic ARP entries· 6

Enabling dynamic ARP entry check· 6

Configuring a customer-side port 6

Enabling ARP logging· 7

Performing ARP entry synchronization· 7

Displaying and maintaining ARP· 7

Configuration examples· 8

Static ARP configuration example· 8

Multiport ARP entry configuration example· 9

Configuring gratuitous ARP· 11

Overview·· 11

Gratuitous ARP packet learning· 11

Periodic sending of gratuitous ARP packets· 11

Configuration procedure· 12

Enabling IP conflict notification· 12

Configuring proxy ARP· 14

Enabling common proxy ARP· 14

Enabling local proxy ARP· 14

Displaying proxy ARP· 14

Common proxy ARP configuration example· 15

Network requirements· 15

Configuration procedure· 15

Verifying the configuration· 16

 

Configuring ARP

Overview

ARP resolves IP addresses into MAC addresses on Ethernet networks.

ARP message format

ARP uses two types of messages: ARP request and ARP reply. Figure 1 shows the format of ARP request/reply messages. Numbers in the figure refer to field lengths.

Figure 1 ARP message format

 

·          Hardware type—Hardware address type. The value 1 represents Ethernet.

·          Protocol type—Type of the protocol address to be mapped. The hexadecimal value 0x0800 represents IP.

·          Hardware address length and protocol address length—Length, in bytes, of a hardware address and a protocol address. For an Ethernet address, the value of the hardware address length field is 6. For an IPv4 address, the value of the protocol address length field is 4.

·          OP—Operation code, which describes the type of ARP message. Value 1 represents an ARP request, and value 2 represents an ARP reply.

·          Sender hardware address—Hardware address of the device sending the message.

·          Sender protocol address—Protocol address of the device sending the message.

·          Target hardware address—Hardware address of the device to which the message is being sent.

·          Target protocol address—Protocol address of the device to which the message is being sent.

ARP operating mechanism

As shown in Figure 2, Host A and Host B are on the same subnet. Host A sends a packet to Host B as follows:

1.        Host A looks through the ARP table for an ARP entry for Host B. If one entry is found, Host A uses the MAC address in the entry to encapsulate the IP packet into a data link layer frame. Then Host A sends the frame to Host B.

2.        If Host A finds no entry for Host B, Host A buffers the packet and broadcasts an ARP request. The payload of the ARP request contains the following information:

¡  Sender IP address and sender MAC address—Host A's IP address and MAC address.

¡  Target IP address—Host B's IP address.

¡  Target MAC address—An all-zero MAC address.

All hosts on this subnet can receive the broadcast request, but only the requested host (Host B) processes the request.

3.        Host B compares its own IP address with the target IP address in the ARP request. If they are the same, Host B:

a.    Adds the sender IP address and sender MAC address into its ARP table.

b.    Encapsulates its MAC address into an ARP reply.

c.    Unicasts the ARP reply to Host A.

4.        After receiving the ARP reply, Host A:

a.    Adds the MAC address of Host B into its ARP table.

b.    Encapsulates the MAC address into the packet and sends the packet to Host B.

Figure 2 ARP address resolution process

 

If Host A and Host B are on different subnets, Host A sends a packet to Host B as follows:

1.        Host A broadcasts an ARP request where the target IP address is the IP address of the gateway.

2.        The gateway responds with its MAC address in an ARP reply to Host A.

3.        Host A uses the gateway's MAC address to encapsulate the packet, and then sends the packet to the gateway.

4.        If the gateway has an ARP entry for Host B, it forwards the packet to Host B directly. If not, the gateway broadcasts an ARP request, in which the target IP address is the IP address of Host B.

5.        After the gateway gets the MAC address of Host B, it sends the packet to Host B.

ARP table

An ARP table stores dynamic and static ARP entries.

Dynamic ARP entry

ARP automatically creates and updates dynamic entries. A dynamic ARP entry is removed when its aging timer expires or the output interface goes down. In addition, a dynamic ARP entry can be overwritten by a static ARP entry.

Static ARP entry

A static ARP entry is manually configured and maintained. It does not age out and cannot be overwritten by any dynamic ARP entry.

Static ARP entries protect communication between devices because attack packets cannot modify the IP-to-MAC mapping in a static ARP entry.

The device supports the following types of static ARP entries:

·          Long static ARP entry—It contains the IP address, MAC address, VLAN, and output interface. It is directly used for forwarding packets.

·          Short static ARP entry—It contains only the IP address and MAC address.

¡  If the output interface is a Layer 3 Ethernet interface, the short ARP entry can be directly used to forward packets.

¡  If the output interface is a VLAN interface, the device first sends an ARP request whose target IP address is the IP address of the short entry. If the sender IP and MAC addresses in the received ARP reply match the IP and MAC addresses of the short static ARP entry, the device adds the interface that received the ARP reply to the short static ARP entry, and uses the resolved short static ARP entry to forward IP packets.

·          Multiport ARP entry—It contains the IP address, MAC address, and VLAN.

If a multiport ARP entry has the same MAC address and VLAN as a multicast or multiport unicast MAC address entry, the device can use the multiport ARP entry to send IP packets. A multiport ARP entry is manually configured. It does not age out and cannot be overwritten by any dynamic ARP entry. For more information about multicast MAC, see IP Multicast Configuration Guide.

To communicate with a host by using a fixed IP-to-MAC mapping, configure a short static ARP entry on the device. To communicate with a host by using a fixed IP-to-MAC mapping through an interface in a VLAN, configure a long static ARP entry on the device.

OpenFlow ARP entry

ARP creates OpenFlow ARP entries by learning from the OpenFlow module. An OpenFlow ARP entry does not age out, and it cannot be updated. An OpenFlow ARP entry can be used directly to forward packets. For more information about OpenFlow, see OpenFlow Configuration Guide.

Rule ARP entry

ARP creates Rule ARP entries by learning from the VXLAN and OVSDB modules. A Rule ARP entry does not age out, and it cannot be updated. It can be overwritten by a static ARP entry. A Rule ARP entry can be used directly to forward packets. For more information about VXLAN and OVSDB, see VXLAN Configuration Guide.

Configuring a static ARP entry

A static ARP entry is effective when the device functions correctly. If a VLAN or VLAN interface is deleted, any long static ARP entry in the VLAN is deleted, and any resolved short static ARP entry in the VLAN becomes unresolved.

A resolved short static ARP entry becomes unresolved upon certain events, for example, when the resolved output interface goes down.

A long static ARP entry is ineffective if the IP address in the entry conflicts with a local IP address, or no local interface has an IP address in the same subnet as the IP address in the ARP entry. An ineffective long static ARP entry cannot be used to forward packets.

Follow these guidelines when you configure a static ARP entry:

·          The vlan-id argument must be the ID of an existing VLAN where the ARP entry resides. The specified Ethernet interface must belong to that VLAN. The VLAN interface of the VLAN must be created.

·          The IP address of the VLAN interface of the VLAN specified by the vlan-id argument must belong to the same subnet as the IP address specified by the ip-address argument.

To configure a static ARP entry:

 

Step	Command	Remarks
1.       Enter system view.	system-view	N/A
2.       Configure a static ARP entry.	·         Configure a long static ARP entry: arp static ip-address mac-address [ vlan-id interface-type interface-number | interface-type interface-number interface-type interface-number vsi vsi-name ] [ vpn-instance vpn-instance-name ] ·         Configure a short static ARP entry: arp static ip-address mac-address [ vpn-instance vpn-instance-name ]	By default, no static ARP entry is configured.

 

Configuring a multiport ARP entry

A multiport ARP entry contains an IP address, MAC address, and VLAN ID.

For the multiport ARP entry to be effective for packet forwarding, you must configure a multicast or multiport unicast MAC address entry to specify multiple output interfaces. The MAC address entry must have the same MAC address and VLAN ID as the multiport ARP entry. In addition, the IP address in the multiport ARP entry must reside on the same subnet as the virtual interface of the specified VLAN.

A multiport ARP entry can overwrite a dynamic, short static or long static ARP entry. Conversely, a short static or long static ARP entry can overwrite a multiport ARP entry.

To configure a multiport ARP entry:

 

Step	Command	Remarks
1.       Enter system view.	system-view	N/A
2.       Configure a multicast or multiport unicast MAC address entry.	·         Configure a multiport unicast MAC address entry: mac-address multiport mac-address interface interface-list vlan vlan-id ·         Configure a multicast MAC address entry: mac-address multicast mac-address interface interface-list vlan vlan-id	By default, no multicast or multiport unicast MAC address entries are configured. For more information about the mac-address multiport command, see Layer 2—LAN Switching Command Reference. For more information about the mac-address multicast command, see IP Multicast Command Reference.
3.       Configure a multiport ARP entry.	arp multiport ip-address mac-address vlan-id [ vpn-instance vpn-instance-name ]	By default, no multiport ARP entries are configured.

 

Setting the maximum number of dynamic ARP entries for a device

A device can dynamically learn ARP entries. To prevent a device from holding too many ARP entries, you can set the maximum number of dynamic ARP entries that the device can learn. When the maximum number is reached, the device stops learning ARP entries.

If you set a value lower than the number of existing dynamic ARP entries, the device does not remove the existing entries unless they are aged out. The device also stops learning ARP entries until the number of dynamic ARP entries is below the configured value.

To set the maximum number of dynamic ARP entries for a device:

 

Step	Command	Remarks
1.       Enter system view.	system-view	N/A
2.       Set the maximum number of dynamic ARP entries for the device.	·         In standalone mode: arp max-learning-number number slot slot-number ·         In IRF mode: arp max-learning-number number chassis chassis-number slot slot-number	By default, the ARP learning limit for the device is as follows: ·         For FE cards, the dynamic ARP learning limit for the device depends on the ARP table capacity set by using the hardware-resource tcam command. For information about the hardware-resource tcam command, see the device management in Fundamentals Command Reference. ·         For the other cards, the device can learn a maximum of 16000 dynamic ARP entries. If the value for the number argument is set to 0, the device is disabled from learning dynamic ARP entries.

 

Setting the maximum number of dynamic ARP entries for an interface

An interface can dynamically learn ARP entries. To prevent an interface from holding too many ARP entries, you can set the maximum number of dynamic ARP entries that the interface can learn. When the maximum number is reached, the interface stops learning ARP entries.

The Layer-2 interface can learn an ARP entry only when both its maximum number and the VLAN interface's maximum number are not reached.

To set the maximum number of dynamic ARP entries for an interface:

 

Step	Command	Remarks
1.       Enter system view.	system-view	N/A
2.       Enter interface view.	interface interface-type interface-number	N/A
3.       Set the maximum number of dynamic ARP entries for the interface.	arp max-learning-num number	By default, the ARP learning limit for an interface is as follows: ·         For FE cards, the dynamic ARP learning limit for an interface depends on the ARP table capacity set by using the hardware-resource tcam command. For information about the hardware-resource tcam command, see the device management in Fundamentals Command Reference. ·         For the other cards, an interface can learn a maximum of 16000 dynamic ARP entries. If the value of the number argument is set to 0, the interface is disabled from learning dynamic ARP entries.

 

Setting the aging timer for dynamic ARP entries

Each dynamic ARP entry in the ARP table has a limited lifetime, called an aging timer. The aging timer of a dynamic ARP entry is reset each time the dynamic ARP entry is updated. A dynamic ARP entry that is not updated before its aging timer expires is deleted from the ARP table.

To set the aging timer for dynamic ARP entries:

 

Step	Command	Remarks
1.       Enter system view.	system-view	N/A
2.       Set the aging timer for dynamic ARP entries.	arp timer aging aging-time	By default, the aging time for dynamic ARP entries is 20 minutes.

 

Enabling dynamic ARP entry check

The dynamic ARP entry check feature controls whether the device supports dynamic ARP entries containing multicast MAC addresses.

When dynamic ARP entry check is enabled, the device cannot learn dynamic ARP entries containing multicast MAC addresses, and you cannot manually add static ARP entries containing multicast MAC addresses.

When dynamic ARP entry check is disabled, the device can learn dynamic ARP entries containing multicast MAC addresses obtained from the ARP packets sourced from a unicast MAC address. You can also manually add static ARP entries containing multicast MAC addresses.

To enable dynamic ARP entry check:

 

Step	Command	Remarks
1.       Enter system view.	system-view	N/A
2.       Enable dynamic ARP entry check.	arp check enable	By default, dynamic ARP entry check is enabled.

 

Configuring a customer-side port

By default, the device associates an ARP entry with routing information when the device learns an ARP entry. The ARP entry provides the next hop information for routing. To save hardware resources, you can use this command to specify a port that connects a user terminal as a customer-side port so the device will not associate the routing information with the learned ARP entries.

When an interface is configured as a customer-side port, the device can learn a maximum of 120000 ARP entries with consecutive MAC addresses or 16000 ARP entries with inconsecutive MAC addresses.

To configure a customer-side port:

 

Step	Command	Remarks
1.       Enter system view.	system-view	N/A
2.       Create a VLAN interface and enter its view.	interface vlan-interface vlan-interface-id	If the VLAN interface exists, you directly enter its view.
3.       Specify the VLAN interface as a customer-side port.	arp mode uni	By default, a port operates as a network-side port.

 

Enabling ARP logging

This feature enables a device to log ARP events in ARP resolution.

To enable ARP logging:

 

Step	Command	Remarks
1.       Enter system view.	system-view	N/A
2.       Enable ARP logging.	arp check log enable	By default, ARP logging is disabled.

 

Performing ARP entry synchronization

This task ensures that all cards on the device have the same ARP entries. This task is a one-time operation.

To synchronize ARP entries across all cards in a timely manner, you can schedule the device to automatically execute the arp smooth command. For information about scheduling a task, see Fundamentals Configuration Guide.

To synchronize ARP entries from the active MPU to all other cards:

 

Task	Command	Remarks
Synchronize ARP entries from the active MPU to all other cards.	arp smooth	This command is available in any view.

 

Displaying and maintaining ARP

	IMPORTANT: Clearing ARP entries from the ARP table might cause communication failures. Make sure the entries to be cleared do not affect current communications.

 

Execute display commands in any view and reset commands in user view.

 

Task	Command
Display ARP entries (in standalone mode).	display arp [ [ all | dynamic | multiport | static ] [ slot slot-number ] | vlan vlan-id | interface interface-type interface-number ] [ count | verbose ]
Display ARP entries (in IRF mode).	display arp [ [ all | dynamic | multiport | static ] [ chassis chassis-number slot slot-number ] | vlan vlan-id | interface interface-type interface-number ] [ count | verbose ]
Display the ARP entry for an IP address (in standalone mode).	display arp ip-address [ slot slot-number ] [ verbose ]
Display the ARP entry for an IP address (in IRF mode).	display arp ip-address [ chassis chassis-number slot slot-number ] [ verbose ]
Display the ARP entries for a VPN instance.	display arp vpn-instance vpn-instance-name [ count ]
Display the aging timer of dynamic ARP entries.	display arp timer aging
Clear ARP entries from the ARP table (in standalone mode).	reset arp { all | dynamic | interface interface-type interface-number | multiport | slot slot-number | static }
Clear ARP entries from the ARP table (in IRF mode).	reset arp { all | chassis chassis-number slot slot-number | dynamic | interface interface-type interface-number | multiport | static }

 

Configuration examples

Static ARP configuration example

Network requirements

As shown in Figure 3, hosts are connected to the switch, which is connected to the router through interface FortyGigE 1/0/1 in VLAN 10.

To ensure secure communications between the router and switch, configure a static ARP entry for the router on the switch.

Figure 3 Network diagram

 

Configuration procedure

# Create VLAN 10.

<Switch> system-view

[Switch] vlan 10

[Switch-vlan10] quit

# Add interface FortyGigE 1/0/1 to VLAN 10.

[Switch] interface fortygige 1/0/1

[Switch-FortyGigE1/0/1] port access vlan 10

[Switch-FortyGigE1/0/1] quit

# Create VLAN-interface 10 and configure its IP address.

[Switch] interface vlan-interface 10

[Switch-vlan-interface10] ip address 192.168.1.2 24

[Switch-vlan-interface10] quit

# Configure a static ARP entry that has IP address 192.168.1.1, MAC address 00e0-fc01-0000, and output interface FortyGigE 1/0/1 in VLAN 10.

[Switch] arp static 192.168.1.1 00e0-fc01-0000 10 fortygige 1/0/1

Verifying the configuration

# Verify that the switch has a static ARP entry for the router.

[Switch] display arp static

  Type: S-Static   D-Dynamic   O-Openflow   R-Rule   M-Multiport  I-Invalid

IP address      MAC address    VID        Interface/Link ID        Aging Type

192.168.1.1     00e0-fc01-0000 10         FGE1/0/1                 N/A   S

Multiport ARP entry configuration example

Network requirements

As shown in Figure 4, a switch connects to three servers through interfaces FortyGigE 1/0/1, FortyGigE 1/0/2, and FortyGigE 1/0/3 in VLAN 10. The servers share the IP address 192.168.1.1/24 and MAC address 00e0-fc01-0000.

Configure a multiport ARP entry to send IP packets with destination IP address 192.168.1.1 to the three servers.

Figure 4 Network diagram

 

Configuration procedure

# Create VLAN 10.

<Switch> system-view

[Switch] vlan 10

[Switch-vlan10] quit

# Add FortyGigE 1/0/1, FortyGigE 1/0/2, and FortyGigE 1/0/3 to VLAN 10.

[Switch] interface fortygige 1/0/1

[Switch-FortyGigE1/0/1] port access vlan 10

[Switch-FortyGigE1/0/1] quit

[Switch] interface fortygige 1/0/2

[Switch-FortyGigE1/0/2] port access vlan 10

[Switch-FortyGigE1/0/2] quit

[Switch] interface fortygige 1/0/3

[Switch-FortyGigE1/0/3] port access vlan 10

[Switch-FortyGigE1/0/3] quit

# Create VLAN-interface 10 and specify its IP address.

[Switch] interface vlan-interface 10

[Switch-vlan-interface10] ip address 192.168.1.2 24

[Switch-vlan-interface10] quit

# Configure a multiport unicast MAC address entry that has MAC address 00e0-fc01-0000, and output interfaces FortyGigE 1/0/1 through FortyGigE 1/0/3 in VLAN 10.

[Switch] mac-address multiport 00e0-fc01-0000 interface fortygige 1/0/1 to fortygige 1/0/3 vlan 10

# Configure a multiport ARP entry with IP address 192.168.1.1 and MAC address 00e0-fc01-0000.

[Switch] arp multiport 192.168.1.1 00e0-fc01-0000 10

Verifying the configuration

# Verify that the switch has a multiport ARP entry with IP address 192.168.1.1 and MAC address 00e0-fc01-0000.

[Switch] display arp

  Type: S-Static   D-Dynamic   O-Openflow   R-Rule   M-Multiport  I-Invalid

IP address      MAC address    VID        Interface/Link ID        Aging Type

192.168.1.1     00e0-fc01-0000 10         N/A                      N/A   M

 

Configuring gratuitous ARP

Overview

In a gratuitous ARP packet, the sender IP address and the target IP address are the IP address of the sending device.

A device sends a gratuitous ARP packet for either of the following purposes:

·          Determine whether its IP address is already used by another device. If the IP address is already used, the device is informed of the conflict by an ARP reply.

·          Inform other devices of a MAC address change.

Gratuitous ARP packet learning

This feature enables a device to create or update ARP entries by using the sender IP and MAC addresses in received gratuitous ARP packets.

When this feature is disabled, the device uses received gratuitous ARP packets to update existing ARP entries only.

Periodic sending of gratuitous ARP packets

Enabling a device to periodically send gratuitous ARP packets helps downstream devices update ARP entries or MAC entries in a timely manner. This feature can be used to prevent gateway spoofing, prevent ARP entries from aging out, and prevent the virtual IP address of a VRRP group from being used by a host.

·          Prevent gateway spoofing.

An attacker can use the gateway address to send gratuitous ARP packets to the hosts on a network, so that the traffic destined for the gateway from the hosts is sent to the attacker instead. As a result, the hosts cannot access the external network.

To prevent such gateway spoofing attacks, you can enable the gateway to send gratuitous ARP packets at intervals. Gratuitous ARP packets contain the primary IP address and manually configured secondary IP addresses of the gateway, so hosts can learn correct gateway address information.

·          Prevent ARP entries from aging out.

If network traffic is heavy or if the host CPU usage is high, received ARP packets can be discarded or are not promptly processed. Eventually, the dynamic ARP entries on the receiving host age out and the traffic between the host and the corresponding devices is interrupted until the host re-creates the ARP entries.

To prevent this problem, you can enable the gateway to send gratuitous ARP packets periodically. The gratuitous ARP packets contain the gateway's primary IP address or one of its manually configured secondary IP addresses, so the receiving hosts can update ARP entries in time.

·          Prevent the virtual IP address of a VRRP group from being used by a host.

The master router of a VRRP group can periodically send gratuitous ARP packets to the hosts on the local network, so that the hosts can update local ARP entries and avoid using the virtual IP address of the VRRP group. For more information about VRRP, see High Availability Configuration Guide.

¡  If the virtual IP address of the VRRP group is associated with a virtual MAC address, the sender MAC address in the gratuitous ARP packet is the virtual MAC address of the virtual router.

¡  If the virtual IP address of the VRRP group is associated with the real MAC address of an interface, the sender MAC address in the gratuitous ARP packet is the MAC address of the interface on the master router in the VRRP group.

Configuration procedure

The following conditions apply to the gratuitous ARP configuration:

·          You can enable periodic sending of gratuitous ARP packets on up to 1024 interfaces.

·          Periodic sending of gratuitous ARP packets takes effect only when the link of the enabled interface goes up and an IP address has been assigned to the interface.

·          If you change the interval for sending gratuitous ARP packets, the configuration is effective at the next sending interval.

·          The frequency of sending gratuitous ARP packets might be much lower than the sending interval set by the user in any of the following circumstances:

¡  This feature is enabled on multiple interfaces.

¡  Each interface is configured with multiple secondary IP addresses.

¡  A small sending interval is configured when the previous two conditions exist.

To configure gratuitous ARP:

 

Step	Command	Remarks
3.       Enter system view.	system-view	N/A
4.       Enable learning of gratuitous ARP packets.	gratuitous-arp-learning enable	By default, learning of gratuitous ARP packets is enabled.
5.       Enable the device to send gratuitous ARP packets upon receiving ARP requests whose sender IP address belongs to a different subnet.	gratuitous-arp-sending enable	By default, a device does not send gratuitous ARP packets upon receiving ARP requests whose sender IP address belongs to a different subnet.
6.       Enter interface view.	interface interface-type interface-number	N/A
7.       Enable periodic sending of gratuitous ARP packets and set the sending interval.	arp send-gratuitous-arp [ interval milliseconds ]	By default, periodic sending of gratuitous ARP packets is disabled.

 

Enabling IP conflict notification

By default, if the sender IP address of a gratuitous ARP packet is being used by the receiving device, the receiving device sends a gratuitous ARP request. It also displays an error message after it receives an ARP reply about the conflict.

You can use this command to enable the device to display error messages without sending a gratuitous ARP reply or request for conflict confirmation.

To enable IP conflict notification:

 

Step	Command	Remarks
1.       Enter system view.	system-view	N/A
2.       Enable IP conflict notification.	arp ip-conflict log prompt	By default, IP conflict notification is disabled.

 

 

Configuring proxy ARP

Proxy ARP enables a device on one network to answer ARP requests for an IP address on another network. With proxy ARP, hosts on different broadcast domains can communicate with each other as they would on the same broadcast domain.

Proxy ARP includes common proxy ARP and local proxy ARP.

·          Common proxy ARP—Allows communication between hosts that connect to different Layer-3 interfaces and reside in different broadcast domains.

·          Local proxy ARP—Allows communication between hosts that connect to the same Layer-3 interface and reside in different broadcast domains.

Enabling common proxy ARP

Step	Command	Remarks
1.       Enter system view.	system-view	N/A
2.       Enter interface view.	interface interface-type interface-number	The following interface types are supported: ·         VLAN interface. ·         Layer 3 Ethernet interface. ·         Layer 3 Ethernet subinterface. ·         Layer 3 aggregate interface. ·         Layer 3 aggregate subinterface.
3.       Enable common proxy ARP.	proxy-arp enable	By default, common proxy ARP is disabled.

 

Enabling local proxy ARP

Step	Command	Remarks
1.       Enter system view.	system-view	N/A
2.       Enter interface view.	interface interface-type interface-number	The following interface types are supported: ·         VLAN interface. ·         Layer 3 Ethernet interface. ·         Layer 3 Ethernet subinterface. ·         Layer 3 aggregate interface. ·         Layer 3 aggregate subinterface.
3.       Enable local proxy ARP.	local-proxy-arp enable [ ip-range startIP to endIP ]	By default, local proxy ARP is disabled.

 

Displaying proxy ARP

Execute display commands in any view.

 

Task	Command
Display common proxy ARP status.	display proxy-arp [ interface interface-type interface-number ]
Display local proxy ARP status.	display local-proxy-arp [ interface interface-type interface-number ]

 

Common proxy ARP configuration example

Network requirements

As shown in Figure 5, Host A and Host D have the same IP prefix and mask, but they are located on different subnets separated by the switch (Host A belongs to VLAN 1, and Host D belongs to VLAN 2). No default gateway is configured on Host A and Host D.

Configure common proxy ARP on the switch to enable communication between the two hosts.

Figure 5 Network diagram

 

Configuration procedure

# Create VLAN 2.

<Switch> system-view

[Switch] vlan 2

[Switch-vlan2] quit

# Configure the IP address of VLAN-interface 1.

[Switch] interface vlan-interface 1

[Switch-Vlan-interface1] ip address 192.168.10.99 255.255.255.0

# Enable common proxy ARP on VLAN-interface 1.

[Switch-Vlan-interface1] proxy-arp enable

[Switch-Vlan-interface1] quit

# Configure the IP address of VLAN-interface 2.

[Switch] interface vlan-interface 2

[Switch-Vlan-interface2] ip address 192.168.20.99 255.255.255.0

# Enable common proxy ARP on VLAN-interface 2.

[Switch-Vlan-interface2] proxy-arp enable

Verifying the configuration

# Verify that Host A and Host D can ping each other.