Login
- Table of Contents
-
- 03-Security Command Reference
- 00-Preface
- 01-Security zone commands
- 02-Security policy commands
- 03-ASPF commands
- 04-Session management commands
- 05-Object group commands
- 06-Object policy commands
- 07-IP source guard commands
- 08-AAA commands
- 09-User identification commands
- 10-Password control commands
- 11-Portal commands
- 12-MAC authentication commands
- 13-IPoE commands
- 14-Public key management commands
- 15-PKI commands
- 16-SSH commands
- 17-SSL commands
- 18-Connection limit commands
- 19-Attack detection and prevention commands
- 20-Server connection detection commands
- 21-ARP attack protection commands
- 22-ND attack defense commands
- 23-uRPF commands
- 24-IP-MAC binding commands
- 25-APR commands
- 26-Keychain commands
- 27-Crypto engine commands
- 28-MAC learning through a Layer 3 device commands
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 28-MAC learning through a Layer 3 device commands | 58.71 KB |
Contents
MAC learning through a Layer 3 device commands
display snmp-server arp-sync table
reset snmp-server arp-sync table
snmp-server arp-sync { interval | timeout } *
snmp-server arp-sync target-host
MAC learning through a Layer 3 device commands
display snmp-server arp-sync table
Use display snmp-server arp-sync table to display ARP entries synchronized through SNMP.
Syntax
display snmp-server arp-sync table
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Examples
# Display ARP entries synchronized through SNMP.
<Sysname> display snmp-server arp-sync table
IP Address MAC Address Aging(M)
1.1.1.1 00e0-0000-0001 1
Total:1
Table 1 Command output
|
Field |
Description |
|
Aging(M) |
Aging time in minutes. |
Related commands
reset snmp-server arp-sync table
reset snmp-server arp-sync table
Use reset snmp-server arp-sync table to clear ARP entries synchronized through SNMP.
Syntax
reset snmp-server arp-sync table
Views
User view
Predefined user roles
network-admin
context-admin
Examples
# Clear ARP entries synchronized through SNMP.
<Sysname> reset snmp-server arp-sync table
Related commands
display snmp-server arp-sync table
snmp-server arp-sync { interval | timeout } *
Use snmp-server arp-sync { interval | timeout } * to set parameters for synchronizing APR entries through SNMP.
Use undo snmp-server arp-sync { interval | timeout } to restore the default.
Syntax
snmp-server arp-sync { interval interval | timeout time } *
undo snmp-server arp-sync { interval | timeout }
Default
The interval for sending SNMP requests is 5 seconds and the timeout for SNMP responses is 3 seconds.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
interval interval: Specifies the interval for sending SNMP requests in the range of 5 to 30 seconds.
timeout time: Specifies the timeout for SNMP responses in the range of 1 to 5 seconds.
Usage guidelines
With this feature configured, the device sends SNMP requests for ARP entry synchronization to the target Layer 3 device at the specified intervals. If the device does not receive an SNMP response before the timeout expires within the specified interval, the device re-sends SNMP requests.
Examples
# Set the interval for sending SNMP requests and the timeout for SNMP responses to 10 and 2 seconds, respectively.
<Sysname> system-view
[Sysname] snmp-server arp-sync interval 10 timeout 2
snmp-server arp-sync enable
Use snmp-server arp-sync enable to enable ARP entry synchronization through SNMP.
Use undo snmp-server arp-sync enable to disable ARP entry synchronization through SNMP.
Syntax
snmp-server arp-sync enable
undo snmp-server arp-sync enable
Default
ARP entry synchronization through SNMP is disabled.
Views
System view
Predefined user roles
network-admin
context-admin
Usage guidelines
With this feature enabled, the device acts as an NMS to learn all ARP entries on a Layer 3 device (agent) to obtain the MAC address of the Layer 3 device.
Examples
# Enable ARP entry synchronization through SNMP.
<Sysname> system-view
[Sysname] snmp-server arp-sync enable
snmp-server arp-sync target-host
Use snmp-server arp-sync target-host to configure the target Layer 3 device for ARP synchronization through SNMP.
Use undo snmp-server arp-sync target-host to remove the configuration of the target Layer 3 device for ARP synchronization through SNMP.
Syntax
SNMPv2c:
snmp-server arp-sync target-host address ip-address community { simple | cipher } community-name v2c
undo snmp-server arp-sync target-host address ip-address community { simple | cipher } community-name
SNMPv3:
snmp-server arp-sync target-host address ip-address usm-user v3 user-name [ { simple | cipher } authentication-mode { md5 | sha } auth-password [ privacy-mode des pri-password ] ]
undo snmp-server arp-sync target-host address ip-address usm-user v3 user-name
Default
No target Layer 3 device is configured for ARP synchronization through SNMP.
Views
System view
Predefined user roles
network-admin
contex-admin
Parameters
address ip-address: Specifies an IPv4 address of the target Layer 3 device.
simple: Specifies a community name in plaintext form. For security purposes, the community name specified in plaintext form will be stored in encrypted form.
cipher: Specifies a community name in encrypted form.
community-name: Specifies the community name. The plaintext form is a case-sensitive string of 1 to 32 characters. The encrypted form is a case-sensitive string of 33 to 73 characters. Input a string as escape characters after a backslash (\).
user-name: Specifies a username, a case-sensitive string of 1 to 32 characters.
simple: Specifies an authentication key and an encryption key in plaintext from. The keys will be converted to a digest in encrypted form and stored in the device.
cipher: Specifies an authentication key and an encryption key in encrypted form. The keys will be converted to a digest in encrypted form and stored in the device.
authentication-mode: Specifies an authentication algorithm. If you do not specify the keyword, the system does not perform authentication.
· md5: Specifies the HMAC-MD5 authentication algorithm. For information about the HMAC-MD5 algorithm, see IPsec configuration in VPN Instance Configuration Guide.
· sha: Specifies the HMAC-SHA1 authentication algorithm. For information about the HMAC-SHA1 algorithm, see IPsec configuration in VPN Instance Configuration Guide.
auth-password: Specifies an authentication key in plaintext form or encrypted form. This argument is case sensitive. The plaintext form of the key is a string of 8 to 64 characters.
privacy-mode: Specifies an encryption algorithm. If you do not specify this keyword, the system does not perform encryption.
des: Specifies the DES encryption algorithm that uses a 56-bit key.
priv-password: Specifies an encryption key in plaintext form or encrypted form. This argument is case sensitive. The plaintext form of the key is a string of 8 to 64 characters.
Usage guidelines
You can configure this command multiple times to specify multiple Layer 3 devices for ARP entry synchronization.
Examples
# Configure the device to use the plaintext form community name testCommunity to synchronize ARP entries from the Layer 3 device with IP address 10.1.1.1.
<Sysname> system-view
[Sysname] snmp-server arp-sync target-host address 10.1.1.1 community simple testCommunity v2c
# Configure the device to use username testUser to synchronize ARP entries from the Layer 3 device with IP address 10.1.1.1. Enable authentication and encryption for the user. Specify authentication algorithm HMAC-SHA1, encryption algorithm DES, plaintext-form authentication key 123456TESTauth&!, and plaintext-form encryption key 123456TESTencr&! for the user.
<Sysname> system-view
[Sysname] snmp-server arp-sync target-host address 10.1.1.1 usm-user v3 testUser simple authentication-mode sha 123456TESTauth&! privacy-mode des 123456TESTencr&!
