Login
- Table of Contents
-
- 07-Layer 3—IP Services Command Reference
- 00-Preface
- 01-ARP commands
- 02-IP addressing commands
- 03-DHCP commands
- 04-DNS commands
- 05-IP forwarding basics commands
- 06-Fast forwarding commands
- 07-Multi-CPU packet distribution commands
- 08-Adjacency table commands
- 09-IRDP commands
- 10-IP performance optimization commands
- 11-UDP helper commands
- 12-IPv6 basics commands
- 13-IPv6 neighbor discovery commands
- 14-DHCPv6 commands
- 15-IPv6 fast forwarding commands
- 16-WAAS commands
- 17-HTTP redirect commands
- 18-Web caching commands
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 01-ARP commands | 352.88 KB |
Contents
arp ip-unnumbered learning enable
arp mac-interface-consistency check enable
arp timer aging probe-interval
arp user-ip-conflict record enable
display arp user-ip-conflict record
gratuitous-arp mac-change retransmit
gratuitous-arp-learning enable
display arp suppression xconnect-group
reset arp suppression xconnect-group
ARP direct route advertisement commands
arp route-direct advertise delay
display arp route-direct advertise
Commands for disabling sending ARP requests when data packets trigger ARP resolution
ARP commands
arp check enable
Use arp check enable to enable dynamic ARP entry check.
Use undo arp check enable to disable dynamic ARP entry check.
Syntax
arp check enable
undo arp check enable
Default
Dynamic ARP entry check is enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Dynamic ARP entry check disables a device from supporting dynamic ARP entries with multicast MAC addresses. The device cannot learn dynamic ARP entries containing multicast MAC addresses. You cannot manually add static ARP entries that contain multicast MAC addresses.
When dynamic ARP entry check is disabled, ARP entries containing multicast MAC addresses are supported. The device can learn dynamic ARP entries containing multicast MAC addresses obtained from the ARP packets sourced from a unicast MAC address. You can also manually add static ARP entries containing multicast MAC addresses.
Examples
# Enable dynamic ARP entry check.
<Sysname> system-view
[Sysname] arp check enable
arp check log enable
Use arp check log enable to enable the ARP logging feature.
Use undo arp check log enable to disable the ARP logging feature.
Syntax
arp check log enable
undo arp check log enable
Default
ARP logging is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This feature enables a device to log ARP events when ARP cannot resolve IP addresses correctly. The log information helps administrators locate and solve problems. The device can log the following ARP events:
· On a proxy ARP-disabled interface, the target IP address of a received ARP packet is not one of the following IP addresses:
¡ The IP address of the receiving interface.
¡ The virtual IP address of the VRRP group.
¡ The public IP address after NAT.
· The sender IP address of a received ARP reply conflicts with one of the following IP addresses:
¡ The IP address of the receiving interface.
¡ The virtual IP address of the VRRP group.
¡ The public IP address after NAT.
The device sends ARP log messages to the information center. You can use the info-center source command to specify the log output rules for the information center. For more information about information center, see System Management Configuration Guide.
The device can generate a large number of ARP logs. To conserve system resources, enable ARP logging only when you are auditing or troubleshooting ARP events.
Examples
# Enable ARP logging.
<Sysname> system-view
[Sysname] arp check log enable
arp ip-unique learning enable
Use arp ip-unique learning enable to enable unique ARP entry learning for the device to learn only one ARP entry for one IP address.
Use undo arp ip-unique learning enable to disable unique ARP entry learning for IP addresses.
Syntax
arp ip-unique learning enable
undo arp ip-unique learning enable
Default
Unique ARP entry learning for IP addresses is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Application scenarios
Unique ARP entry learning enables the device to learn only one ARP entry for one IP address. This feature prevents traffic loss that might occur in the IP numbered scenario because two ARP entries exist for an endpoint after it moves between interfaces of the same IP address.
After you configure one interface to borrow an IP address from another interface by using the ip address unnumbered command, the two interfaces have the same IP address. If an endpoint moves from one of the interfaces to another with its IP address unchanged, the device will learn a new ARP entry for the same IP address with a different interface than the ARP entry learned before endpoint movement. This will cause loss of packets destined for the endpoint, because the FIB entry for the endpoint is generated based on the ARP entry generated earlier for it.
Operating mechanism
With unique ARP entry learning enabled, the device deletes the existing ARP entry for an IP address when it learns a new ARP entry with a different interface than the existing entry for that IP address. This ensures that the outgoing interface in the FIB entry for the client is the one to which the endpoint is attached.
Examples
# Enable unique ARP entry learning.
<Sysname> system-view
[Sysname] arp ip-unique learning enable
Related commands
ip address unnumbered
arp ip-unnumbered learning enable
Use arp ip-unnumbered learning enable to enable an IP unnumbered interface to learn ARP entries for different subnets.
Use undo arp ip-unnumbered learning enable to disable an IP unnumbered interface from learning ARP entries for different subnets.
Syntax
arp ip-unnumbered learning enable [ source-address ip-address ]
undo arp ip-unnumbered learning enable
Default
An IP unnumbered interface cannot learn ARP entries for different subnets.
Views
Interface view
Predefined user roles
network-admin
Parameters
source-address ip-address: Specifies the sender IP address in an ARP request sent by the IP unnumbered interface. If you do not specify this option, the sender IP address in the ARP request is the borrowed IP address.
Usage guidelines
Application scenarios
An IP unnumbered interface might be unable to learn the ARP entry for the peer device if the unnumbered interface and the remote device are on different subnets. This is because some devices treat an ARP request as illegal and do not return a reply if the sender and target IP addresses in that ARP request are on different subnets.
To ensure communication between them, use this feature on the IP unnumbered interface to specify a sender IP address on the same subnet as the IP address of the peer interface on the remote device.
Restrictions and guidelines
This feature takes effect only on IP unnumbered interfaces, which are configured with the ip address unnumbered command.
To avoid ARP learning anomalies, do not execute the arp ip-unnumbered learning enable command on a non-IP-unnumbered interface.
If you disable an IP unnumbered interface from learning ARP entries for different subnets, the device deletes the existing ARP entries learned for different subnets after they age out.
Examples
# Configure GigabitEthernet 1/0/1 to borrow the IP address of GigabitEthernet 1/0/2, and enable GigabitEthernet 1/0/1 to learn ARP entries for different subnets.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ip address unnumbered interface gigabitethernet 1/0/2
[Sysname-GigabitEthernet1/0/1] arp ip-unnumbered learning enable
Related commands
ip address unnumbered
arp mac-interface-consistency check enable
Use arp mac-interface-consistency check enable to enable interface consistency check between ARP and MAC address entries.
Use undo arp mac-interface-consistency check enable to disable interface consistency check between ARP and MAC address entries.
Syntax
arp mac-interface-consistency check enable
undo arp mac-interface-consistency check enable
Default
Interface consistency check between ARP and MAC address entries is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
In an unstable network, the receiving interface for packets from a user might change. The interface in the MAC address entry can be updated immediately while the interface in the ARP entry cannot. In this case, the packets matching the ARP entry will be sent out of an incorrect interface. To solve this problem, you can use this feature to periodically check the interface consistency between the ARP and MAC address entry for a user. If the interfaces are not the same, ARP sends ARP requests in the VLAN of the ARP entry and updates the entry with the ARP reply receiving interface.
Use the display mac-address command to display MAC address entries.
Examples
# Enable interface consistency check between ARP and MAC address entries.
<Sysname> system-view
[Sysname] arp mac-interface-consistency check enable
Related commands
display mac-address (Layer 2—LAN Switching Command Reference)
arp max-learning-num
Use arp max-learning-num to set the dynamic ARP learning limit for an interface.
Use undo arp max-learning-num to restore the default.
Syntax
arp max-learning-num max-number [ alarm alarm-threshold ]
undo arp max-learning-num
Default
|
MPU model |
Default |
|
MSU-100 |
16384 |
|
MSU-200 |
16384 |
|
MSU-400-G |
204800 |
Views
Layer 3 Ethernet interface view
Layer 3 Ethernet subinterface view
Layer 3 aggregate interface view
Layer 3 aggregate subinterface view
S-channel interface/S-channel aggregate interface/S-channel bundle interface view
EVB VSI interface/EVB VSI aggregate interface view
VXLAN VSI interface view
VLAN interface view
Predefined user roles
network-admin
Parameters
max-number: Specifies the maximum number of dynamic ARP entries for an interface.
The following compatibility matrix shows the value ranges for the dynamic ARP learning limit for an interface:
|
MPU model |
Value range |
|
MSU-100 |
0 to 16384 |
|
MSU-200 |
0 to 16384 |
|
MSU-400-G |
0 to 204800 |
alarm alarm-threshold: Specifies an alarm threshold for dynamic ARP learning, in percentage. The value range for the alarm-threshold argument is 1 to 100. The device generates a log message when the number of dynamic ARP entries learned on an interface reaches the value calculated by using the (max-number × alarm-threshold)/100 formula. If you do not specify an alarm threshold, the device does not generate log messages.
Usage guidelines
An interface can dynamically learn ARP entries. To prevent an interface from holding too many ARP entries, you can set the maximum number of dynamic ARP entries that the interface can learn. When the maximum number is reached, the interface stops learning ARP entries.
When the number argument is set to 0, the interface is disabled from learning dynamic ARP entries.
Examples
# Specify VLAN-interface 40 to learn a maximum of 10 dynamic ARP entries.
<Sysname> system-view
[Sysname] interface vlan-interface 40
[Sysname-Vlan-interface40] arp max-learning-num 10
# Specify GigabitEthernet 1/0/1 to learn a maximum of 10 dynamic ARP entries.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] arp max-learning-num 10
# Specify Layer 3 aggregate interface Route-Aggregation 1 to learn a maximum of 10 dynamic ARP entries.
<Sysname> system-view
[Sysname] interface route-aggregation 1
[Sysname-Route-Aggregation1] arp max-learning-num 10
arp max-learning-number
Use arp max-learning-number to set the dynamic ARP learning limit for a device.
Use undo arp max-learning-number to restore the default.
Syntax
arp max-learning-number max-number slot slot-number
undo arp max-learning-number slot slot-number
Default
|
MPU model |
Default |
|
MSU-100 |
16384 |
|
MSU-200 |
16384 |
|
MSU-400-G |
204800 |
Views
System view
Predefined user roles
network-admin
Parameters
max-number: Specifies the maximum number of dynamic ARP entries for a device. The value range for this argument varies by device model.
The following compatibility matrix shows the value ranges for the maximum number of dynamic ARP entries:
|
MPU model |
Value ranges |
|
MSU-100 |
0 to 16384 |
|
MSU-200 |
0 to 16384 |
|
MSU-400-G |
0 to 204800 |
slot slot-number: Specifies a card by its slot number.
Usage guidelines
A device can dynamically learn ARP entries. To prevent a device from holding too many ARP entries, you can set the maximum number of dynamic ARP entries that the device can learn. When the maximum number is reached, the device stops learning ARP entries.
When the number argument is set to 0, the device is disabled from learning dynamic ARP entries.
Examples
# Configure the device to learn a maximum of 64 dynamic ARP entries.
<Sysname> system-view
[Sysname] arp max-learning-number 64
arp mode uni
Use arp mode uni to configure a port as a customer-side port.
Use undo arp mode to restore the default.
Syntax
arp mode uni
undo arp mode
Default
A port operates as a network-side port.
Views
VLAN interface view
VXLAN VSI interface view
Predefined user roles
network-admin
Usage guidelines
By default, the device associates an ARP entry with routing information when the device learns an ARP entry. The ARP entry provides the next hop information for routing. To save hardware resources, you can use this command to specify a port that connects to a user terminal as a customer-side port. The device will not associate the routing information with the learned ARP entries.
Examples
# Configure VLAN-interface 2 as a customer-side port.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] arp mode uni
arp smooth
Use arp smooth to synchronize ARP entries from the active MPU to all other cards.
Syntax
arp smooth
Views
User view
Predefined user roles
network-admin
Examples
# Synchronize ARP entries from the active MPU to all other cards.
<Sysname> arp smooth
arp static
Use arp static to configure a static ARP entry.
Use undo arp to delete an ARP entry.
Syntax
arp static ip-address mac-address [ vlan-id interface-type interface-number ] [ vpn-instance vpn-instance-name ] [ description text ]
undo arp ip-address [ vpn-instance-name ]
Default
No static ARP entries exist.
Views
System view
Predefined user roles
network-admin
Parameters
ip-address: Specifies an IP address for the static ARP entry.
mac-address: Specifies a MAC address for the static ARP entry, in the format of H-H-H.
vlan-id: Specifies the ID of a VLAN to which the static ARP entry belongs. The value range is 1 to 4094.
interface-type interface-number: Specifies an interface by its type and number.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance to which the static ARP entry belongs. The vpn-instance-name argument represents the VPN instance name, a case-sensitive string of 1 to 31 characters. The VPN instance must already exist. To specify a static ARP entry on the public network, do not specify this option.
description text: Specifies the description for the static ARP entry, a case-sensitive string of 1 to 255 characters.
Usage guidelines
A static ARP entry is manually configured and maintained. It does not age out and cannot be overwritten by any dynamic ARP entry.
Static ARP entries can be short or long.
A resolved short static ARP entry might become unresolved upon certain events, for example, when the resolved output interface goes down, or the corresponding VLAN or VLAN interface is deleted.
Long static ARP entries can be effective or ineffective. Ineffective long static ARP entries cannot be used for packet forwarding. A long static ARP entry is ineffective when any of the following conditions exists:
· The IP address in the entry conflicts with a local IP address.
· No local interface has an IP address in the same subnet as the IP address in the ARP entry.
If you specify the vlan-id interface-type interface-number argument, follow these restrictions and guidelines:
· The interface can be an Ethernet interface or an aggregate interface.
· The VLAN and VLAN interface must already exist. The specified Ethernet interface must belong to the specified VLAN.
· The IP address of the VLAN interface and the IP address specified by the ip-address argument must be on the same network.
· A long static ARP entry in a VLAN is deleted if the VLAN or VLAN interface is deleted.
Examples
# Configure a long static ARP entry that contains IP address 202.38.10.2, MAC address 00e0-fc01-0000, and output interface GigabitEthernet 1/0/1 in VLAN 10.
<Sysname> system-view
[Sysname] arp static 202.38.10.2 00e0-fc01-0000 10 gigabitethernet 1/0/1
Related commands
display arp
reset arp
arp timer aging
Use arp timer aging to set the aging timer for dynamic ARP entries.
Use undo arp timer aging to restore the default.
Syntax
arp timer aging { aging-minutes | second aging-seconds }
undo arp timer aging
Default
In system view, the aging timer for dynamic ARP entries is 20 minutes.
In interface view, the aging timer for dynamic ARP entries is the aging timer set in system view.
Views
System view
Layer 3 Ethernet interface view
Layer 3 Ethernet subinterface view
Layer 3 aggregate interface view
Layer 3 aggregate subinterface view
VSI interface view
VLAN interface view
Predefined user roles
network-admin
Parameters
aging-minutes: Specifies the aging timer in minutes. The value range for this argument is 1 to 1440.
second aging-seconds: Specifies the aging timer in seconds. The value range for the aging-seconds argument is 5 to 86400.
Usage guidelines
Application scenarios
Each dynamic ARP entry in the ARP table has a limited lifetime, called an aging timer. The aging timer of a dynamic ARP entry is reset each time the dynamic ARP entry is updated. Dynamic ARP entries that are not updated upon expiration of their aging timers are deleted from the ARP table.
You can set the aging timer for dynamic ARP entries to ensure that dynamic ARP entries are updated in a timely manner.
Restrictions and guidelines
You can set the aging timer for dynamic ARP entries in system view or in interface view. The aging timer set in interface view takes precedence over the aging timer set in system view.
Set the aging timer for dynamic ARP entries as needed. For example, when you configure proxy ARP, set a short aging time so that invalid dynamic ARP entries can be deleted in a timely manner.
Examples
# Set the aging timer for dynamic ARP entries to 10 minutes.
<Sysname> system-view
# Set the aging timer for dynamic ARP entries to 200 seconds.
<Sysname> system-view
[Sysname] arp timer aging second 200
# Set the aging timer for dynamic ARP entries to 200 seconds on GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] arp timer aging second 200
Related commands
display arp timer aging
arp timer aging probe-count
Use arp timer aging probe-count to set the maximum number of probes for dynamic ARP entries.
Use undo arp timer aging probe-count to restore the default.
Syntax
arp timer aging probe-count count
undo arp timer aging probe-count
Default
In system view, the maximum number of probes for dynamic ARP entries is 3.
In interface view, the maximum number of probes for dynamic ARP entries is that set in system view.
Views
System view
Layer 3 Ethernet interface view
Layer 3 Ethernet subinterface view
Layer 3 aggregate interface view
Layer 3 aggregate subinterface view
VSI interface view
Predefined user roles
network-admin
Parameters
count: Specifies the maximum number of probes. The value range for this argument is 0 to 10. To disable the device from probing dynamic ARP entries, set the value to 0.
Usage guidelines
Dynamic ARP entry probing prevents legal dynamic ARP entries from aging out, avoiding unnecessary ARP resolution in forwarding.
This probe feature sends ARP requests for the IP address in a dynamic ARP entry before it ages out.
· If the device receives an ARP reply before the entry aging timer expires, the device resets the aging timer.
· If the device makes the maximum number of probes without receiving a reply, the device deletes the entry when the entry aging timer expires.
You can set the maximum number of probes in system view and in interface view. The setting in interface view takes precedence over that in system view.
Examples
# Configure the device to perform a maximum of five probes for dynamic ARP entries.
<Sysname> system-view
[Sysname] arp timer aging probe-count 5
# Configure the device to perform a maximum of five probes for dynamic ARP entries on GigabitEthernet 1/0/1. (on routers)
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet 1/0/1] arp timer aging probe-count 5
Related commands
arp timer aging
arp timer aging probe-interval
arp timer aging probe-interval
Use arp timer aging probe-interval to set the interval for probing dynamic ARP entries.
Use undo arp timer aging probe-interval to restore the default.
Syntax
arp timer aging probe-interval interval
undo arp timer aging probe-interval
Default
In system view, the probe interval is 5 seconds.
In interface view, the probe interval is that set in system view.
Views
System view
Layer 3 Ethernet interface view
Layer 3 Ethernet subinterface view
Layer 3 aggregate interface view
Layer 3 aggregate subinterface view
VSI interface view
VLAN interface view
Predefined user roles
network-admin
Parameters
interval: Specifies the probe interval, in seconds. The value range is 1 to 60.
Usage guidelines
Dynamic ARP entry probing prevents legal dynamic ARP entries from aging out, avoiding unnecessary ARP resolution in forwarding.
Before a dynamic ARP entry ages out, the device sends ARP requests for the IP address in the ARP entry.
· If the device receives an ARP reply before a probe interval expires, the device resets the aging timer.
· If the device has not received an ARP reply when a probe interval expires, the device starts a new probe.
· If the device makes the maximum number probes without receiving an ARP reply, the device deletes the entry.
You can set the probe interval in system view and in interface view. The probe interval in interface view takes precedence over the probe interval in system view.
Examples
# Set the probe interval to 10 seconds for dynamic ARP entries.
<Sysname> system-view
[Sysname] arp timer aging probe-interval 10
# Set the probe interval to 10 seconds for dynamic ARP entries on GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet 1/0/1] arp timer aging probe-interval 10
Related commands
arp timer aging
arp timer aging probe-count
arp user-ip-conflict record enable
Use arp user-ip-conflict record enable to enable recording user IP address conflicts.
Use undo arp user-ip-conflict record enable to disable recording user IP address conflicts.
Syntax
arp user-ip-conflict record enable
undo arp user-ip-conflict record enable
Default
Recording user IP address conflicts is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This feature enables the device to detect and record user IP address conflicts. The device determines that a conflict occurs if an incoming ARP packet has the same sender IP address as an existing ARP entry but a different sender MAC address. The device generates a user IP address conflict record, logs the conflict, and sends the log to the information center. For information about the log destination and output rule configuration, see the information center in System Management Configuration Guide.
A card can generate a maximum of 10 user IP address conflict logs per second.
To display user IP address conflict records, use the display arp user-ip-conflict record command.
Examples
# Enable recording user IP address conflicts.
<Sysname> system-view
[Sysname] arp user-ip-conflict record enable
Related commands
display arp user-ip-conflict record
arp user-move record enable
Use user-move record enable to enable recording user port migrations.
Use undo arp user-move record enable to disable recording user port migrations.
Syntax
arp user-move record enable
undo arp user-move record enable
Default
Recording user port migrations is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Each card can generate a maximum of 10 user port migration logs per second.
To display user port migration records, use the display arp user-move record command.
Examples
# Enable recording user port migration.
<Sysname> system-view
[Sysname] arp user-move record enable
Related commands
display arp user-move record
display arp
Use display arp to display ARP entries.
Syntax
display arp [ [ all | dynamic | static ] [ slot slot-number ] | vlan vlan-id | interface interface-type interface-number ] [ count | verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Displays all ARP entries.
dynamic: Displays dynamic ARP entries.
static: Displays static ARP entries.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays ARP entries for the active MPU.
vlan vlan-id: Specifies a VLAN by its VLAN ID. The VLAN ID is in the range of 1 to 4094.
interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays ARP entries for all interfaces.
count: Displays the number of ARP entries.
verbose: Displays detailed information about ARP entries.
Usage guidelines
This command displays information about static and dynamic ARP entries, including the IP address, MAC address, VLAN ID, output interface, entry type, and aging timer.
Examples
# Display all ARP entries.
Type: S-Static D-Dynamic O-Openflow R-Rule I-Invalid
IP address MAC address VLAN/VSI name Interface Aging Type
1.1.1.1 02e0-f102-0023 1 GE1/0/1 -- S
1.1.1.2 00e0-fc00-0001 12 GE1/0/2 960 D
1.1.1.3 00e0-fe50-6503 vsi1 Tunnel1 960 D
# Display detailed information about all ARP entries.
<Sysname> display arp all verbose
Type: S-Static D-Dynamic O-Openflow R-Rule I-Invalid
IP address : 1.1.1.1 MAC address : 02e0-f102-0023
Type : Static Aging : --
Interface : GE1/0/1 SVLAN/CVLAN : 1/--
VPN instance : --
Link ID : --
Service instance : --
VXLAN ID : --
VSI name : --
VSI interface : --
IP address : 1.1.1.2 MAC address : 00e0-fc00-0001
Type : Dynamic Aging : 960 seconds
Interface : GE1/0/2 SVLAN/CVLAN : 12/--
VPN instance : --
Link ID : --
Service instance : --
VXLAN ID : --
VSI name : --
VSI interface : --
IP address : 1.1.1.3 MAC address : 00e0-fe50-6503
Type : Dynamic Aging : 960 seconds
Interface : Tunnel1 SVLAN/CVLAN : 12/--
VPN instance : --
Link ID : --
Service instance : --
VXLAN ID : --
VSI name : vsi1
VSI interface : --
# Display the number of all ARP entries.
<Sysname> display arp all count
Total number of entries : 3
Table 1 Command output
|
Field |
Description |
|
IP address |
IP address in an ARP entry. |
|
MAC address |
MAC address in an ARP entry. |
|
VLAN/VSI name |
ID of the VLAN or name of the VSI to which an ARP entry belongs. This field displays hyphens (--) in either of the following situations: · The ARP entry is an unresolved short static ARP entry. · The output interface of the ARP entry does not belong to any SVLAN or VSI. |
|
Interface |
Output interface in an ARP entry. This field displays hyphens (--) if the ARP entry is an unresolved short static ARP entry. |
|
Aging |
Aging time for an ARP entry, in seconds. · For a static ARP entry, this field always displays hyphens (--). The static ARP entry never ages out unless you delete it manually. · For a dynamic ARP entry, this field displays hyphens (--) if the aging time is unknown. |
|
Type |
ARP entry type: · D—Dynamic. · S—Static. · O—OpenFlow. · R—Rule. · I—Invalid. |
|
SVLAN/CVLAN |
ID of the SVLAN or CVLAN to which the ARP entry belongs. This field displays hyphens (--) in either of the following situations: · The ARP entry is an unresolved short static ARP entry. · The output interface of the ARP entry does not belong to any SVLAN or CVLAN. |
|
VPN instance |
Name of VPN instance. This field displays hyphens (--) if no VPN instance is configured for the ARP entry. |
|
Link ID |
Link ID in an ARP entry. This field displays hyphens (--) if the ARP entry does not belong to any VSI. |
|
Service instance |
Ethernet service instance in an ARP entry. This field displays hyphens (--) if no Ethernet service instance is specified for the Layer 2 Ethernet interface or Layer 2 aggregate interface in the ARP entry. |
|
VXLAN ID |
VXLAN ID (also called VNI). This field displays hyphens (--) if the ARP entry does not belong to any VXLAN. |
|
VSI name |
Name of the VSI to which the ARP entry belongs. This field displays hyphens (--) if the ARP entry does not belong to a specific VSI. |
|
VSI interface |
VSI interface specified for the VSI. This field displays hyphens (--) if no VSI interface is specified for the VSI. |
|
Total number of entries |
Number of ARP entries. |
Related commands
arp static
reset arp
display arp diff
Use display arp diff to display the differences in ARP entries between the specified slots.
Syntax
display arp diff [ all | [ vpn-instance vpn-instance-name ] [ ip-address ] ] slot slot-number1 slot slot-number2
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Displays ARP entry differences on the public network and all private networks.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. The VPN instance name cannot contain spaces. If you do not specify a VPN instance, this command displays ARP entry differences on the public network.
ip-address: Displays differences for ARP entries that exactly match the specified IP address. If you do not specify an IP address, this command displays differences for all ARP entries.
slot slot-number1 slot slot-number2: Specifies two cards by slot number.
Usage guidelines
Application scenarios
Entry inconsistency between cards might cause packet loss between an MPU and interface card, slow packet processing of interface cards, or too many packets in queues on interface cards. To avoid such an issue, you can use this command to display ARP entry differences between the specified slots.
Operating mechanism
If you specify none of the all, vpn-instance vpn-instance-name, and ip-address parameters, this command displays the differences in ARP entries on the public network.
Restrictions and guidelines
When you execute this command, you must specify two different slots.
Examples
# Display the differences in ARP entries between the specified slots on the public network and all private networks.
<Sysname> dis arp diff all slot 0 slot 1
--- Slot 0 CPU 0
+++ Slot 1 CPU 0
@@ -1,3 +0,0 @@
-
-IP:10.0.0.2 Interface:GE1/0/1
-IP:10.0.0.2 Interface:GE1/0/2
\ No newline at end of file
+IP:10.0.0.4 Interface:GE1/0/1
+IP:10.0.0.4 Interface:GE1/0/2
\ No newline at end of file
Table 2 Command output
|
Field |
Description |
|
Slot |
· --- Slot—The first slot specified for comparison. · +++ Slot—The second slot specified for comparison. |
|
CPU |
ID of the CPU on the card. |
|
IP |
IP address of the ARP entry. The minus sign (-) before this field indicates that the entry belongs to the first specified slot. The plus sign (+) before this field indicates that the entry belongs to the second specified slot. |
|
Interface |
Output interface for the ARP entry. |
|
\ No newline at end of file |
All ARP entry differences on the specified slot have been printed. |
display arp entry-limit
Use display arp entry-limit to display the maximum number of ARP entries that a device supports.
Syntax
display arp entry-limit
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the maximum number of ARP entries that the device supports.
<Sysname> display arp entry-limit
ARP entries: 2048
display arp ip-address
Use display arp ip-address to display the ARP entry for an IP address.
Syntax
display arp ip-address [ slot slot-number ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ip-address: Displays the ARP entry for the specified IP address.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information for the active MPU.
verbose: Displays the detailed information about the specified ARP entry.
Usage guidelines
The ARP entry information includes the IP address, MAC address, VLAN ID, output interface, entry type, and aging timer.
Examples
# Display the ARP entry for the IP address 20.1.1.1.
<Sysname> display arp 20.1.1.1
Type: S-Static D-Dynamic O-Openflow R-Rule I-Invalid
IP address MAC address VLAN/VSI name Interface Aging Type
20.1.1.1 00e0-fc00-0001 N/A -- -- S
Related commands
arp static
reset arp
display arp log
Use display arp log to display brief ARP log information.
Syntax
display arp log [ interface interface-type interface-number | ip ip-address ] [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface: Displays the ARP log information for the specified interface.
ip: Displays the ARP log information for the specified IP address.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays ARP logs for the active MPU.
Examples
# Display brief information about all ARP log entries.
<Sysname> display arp log
Operate : ADD Reason : ADDBYMSG
Mac : 0000-0000-0000 Interface: GE2/0/1
SVLAN : 65535 IP : 1.1.1.2
CVLAN : 65535 Time : Oct 28 22:22:02 2022
Operate : ADD Reason : ADDBYMSG
Mac : 0000-0000-0000 Interface: GE2/0/1
SVLAN : 65535 IP : 1.1.1.1
CVLAN : 65535 Time : Oct 28 22:22:02 2022
Table 3 Command output
|
Field |
Description |
|
Operate |
ARP entry operation type: · ADD—Add an entry to the table. · MOD—Modify an existing entry in the table. · DEL—Delete an entry from the table. |
|
Reason |
Source of the ARP log entry: · DRNIMSG—Added in response to an ARP entry update message from the M-LAG module. · STATICFIX—Added in response to conversion of a dynamic ARP entry to a static one. · PKTLEARN—Added by learning from an ARP packet. · STATICMSG—Added through static configuration. · ADDBYRULE—Added by the IPoE or portal feature. · ADDBYOP—Added by the OpenFlow feature. · ADDBYMSG—Added through ARP entry synchronization. · ADDWADJ—Added in response to an IPv4 adjacency entry refresh message sent by the WAN link adjacency table module. · ADDWADJSYN—Added in response to an inter-card IPv4 adjacency entry synchronization message sent by the WAN link adjacency table module. · DRVRELOAD—Added in response to the ARP update operation done in the driver. · STATICEVENT—Added through ARP entry update in response to a long static entry event. · SYNCWITHDRV—Added in synchronization with the driver. · RELOADBYPW—Added in response to the PW reload operation. · RELOADBYMMAC— Added through ARP entry refresh triggered by the MultiMac module. · RELOADBYRB—Added through ARP entry refresh triggered by the RB module. · DELBYCFG—Manually deleted. · DELBYIPVRF—Deleted in bulk. · DELBYVSRP—Deleted by VSRP. · DELBYNODUMMY—Deleted due to lack of a DUMMY entry. · DELBYSMOOTH—Deleted upon ARP entry smoothing. · DELBYSMOOTHFILTER—Deleted through filtering in an ARP entry smooth operation. · DELCONFIGIPIF—Deleted upon an IPv4 address or interface conflict. · DELARPSYN—Deleted upon an inter-card ARP entry synchronization. · DELWADJMSG—Deleted upon deletion of the corresponding IPv4 adjacency entry from the WAN link adjacency table. · DELWADJIFMSG—Deleted by interface upon deletion of the corresponding IPv4 adjacency entry from the WAN link adjacency table. · DELWADJBI—Deleted upon reception of the entry deletion message sent from the WAN link adjacency table module to the link layer in the kernel. · DELWADJDUMMY—Deleted upon deletion of the corresponding DUMMY entry by the WAN link adjacency table module. · DELWADJIFEVENT—Deleted upon deletion of the corresponding IPv4 adjacency entry done by the WAN link adjacency table module in response to an interface event. · DELWADJALL—Deleted upon deletion of all IPv4 adjacency entries from the WAN link adjacency table. · DELWADJ—Deleted upon deletion of the corresponding IPv4 adjacency entry from the WAN link adjacency table. · DELWADJSAGE—Deleted upon deletion of the corresponding IPv4 adjacency entry that had aged out from the WAN link adjacency table. · DELWADJIFSYN—Deleted upon deletion of the corresponding IPv4 adjacency entry from the WAN link adjacency table in response to interface entry synchronization. · DELWADJSYNMSG—Deleted upon deletion of the corresponding IPv4 adjacency entry from the WAN link adjacency table in response to inter-card entry synchronization. · DELWADJSMOOTH—Deleted upon deletion of the corresponding IPv4 adjacency entry because of entry smoothing done by the WAN link adjacency table module. · DELWADJPULLFINISH—Deleted upon deletion of the corresponding IPv4 adjacency entry after the WAN link adjacency table module successfully obtained entries in bulk. · DELPORTLVLAN—Deleted upon removal of the port from the VLAN. · DELVLANMODCHG—Deleted upon VLAN mode change. · DELLIMIT—Deleted because the number of ARP entries has reached the limit. · DELARPBYOPIF—Deleted upon deletion of the interface. · DELARPVLANEVENT—Deleted upon a VLAN event. · DELARPSTATUS—Deleted upon ARP entry status change. · DELARPBYIPIF—Deleted by specify the IPv4 address or interface. · DELARPBYIFMAP—Deleted upon an interface mapping operation. · DELARPBYIFDOWN— Deleted because the interface went down. · DELARPBYIFAGG—Deleted because the interface was added to a link aggregation group. · DELARPBYNODE—Deleted upon deletion of ARP entries by slot. · DELARPBYALL—Deleted upon deletion of all ARP entries. · DELARPBYALLEM—Deleted upon deletion of all ARP entries from non-management interfaces. · DELARPBYPW—Deleted upon deletion of ARP entries from a PW. · DELARPBYPWVSI—Deleted upon deletion of ARP. entries done by PWVSI. · DELARPBYMACNOTIFY—Deleted upon reception of ARP entries from MAC. · DELARPBYRB—Deleted upon a RB action. · DELARPBYTCPKEEP—Deleted because of the topology change notification (TCN) flag. · DELARPBYSTATICFIX—Deleted upon conversion of a dynamic entry to a static entry. · DELBYPULLFINISH—Deleted upon a successful batch data pull. · DELSTATICCONFLICT—Deleted upon a static configuration conflict. |
|
IP |
IP address in the ARP entry. |
|
Mac |
MAC address in the ARP entry. |
|
Interface |
Name of the outgoing interface in the ARP entry. |
|
SVLAN |
Service provider VLAN. |
|
CVLAN |
Customer VLAN. |
|
Time |
Timestamp of log creation. |
display arp openflow count
Use display arp openflow count to display the number of OpenFlow ARP entries.
Syntax
display arp openflow count [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays the number of OpenFlow ARP entries for the active MPU.
Examples
# Display the number of OpenFlow ARP entries.
<Sysname> display arp openflow count
Total number of OpenFlow ARP entries: 6
display arp timer aging
Use display arp timer aging to display the aging timer of dynamic ARP entries.
Syntax
display arp timer aging
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
This command always displays the aging time in seconds no matter which unit you set in the arp timer aging command.
Examples
# Display the aging timer of dynamic ARP entries.
<Sysname> display arp timer aging
Current ARP aging time is 1200 seconds
Related commands
arp timer aging
display arp usage
Use display arp usage to display the ARP table usage.
Syntax
display arp usage
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
This command displays the maximum number of ARP entries supported on the device in addition to the history ARP table usage. You can use this command to monitor the number of ARP entries on the device and to determine whether ARP flood attacks exist on the network.
The device can display the ARP table usage only in the most recent hour.
Examples
# Display the ARP table usage.
<Sysname> display arp usage
ARP table upper limit: 65000
Time ARP entry count Usage
Current 52000 80%
1 min ago 51351 79%
2 min ago 50711 78%
3 min ago 47748 77%
…
59 min ago 13656 21%
60 min ago 13007 20%
Table 4 Command output
|
Field |
Description |
|
ARP table upper limit |
Maximum number of ARP entries supported on the device. |
|
Time |
Time when the number of ARP entries was counted. This field displays Current if the number of ARP entries was counted just now. |
|
ARP entry count |
Number of ARP entries. |
|
Usage |
ARP table usage, which is the ratio of the real-time ARP entry count to the ARP table upper limit. |
display arp user-ip-conflict record
Use display arp user-ip-conflict record to display user IP address conflict records.
Syntax
display arp user-ip-conflict record [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays user IP address conflict records for the active MPU.
Usage guidelines
Each card can save a maximum of 200 user IP address conflict records.
If the maximum number is reached, a new record will override the earliest record.
Examples
# Display all user IP address conflict records.
<Sysname> display arp user-ip-conflict record
IP address: 10.1.1.1
System time: 2018-02-02 11:22:29
Conflict count: 1
Log suppress count: 0
Old interface: GigabitEthernet1/0/1
New interface: GigabitEthernet1/0/2
Old SVLAN/CVLAN: 100/2
New SVLAN/CVLAN: 100/2
Old MAC: 00e0-ca63-8141
New MAC: 00e0-ca63-8142
IP address: 10.1.1.2
System time: 2018-02-02 10:20:30
Conflict count: 1
Log suppress count: 0
Old interface: GigabitEthernet1/0/1
New interface: GigabitEthernet1/0/2
Old SVLAN/CVLAN: 100/--
New SVLAN/CVLAN: 100/--
Old MAC: 00e0-ca63-8141
New MAC: 00e0-ca63-8142
Table 5 Command output
|
Field |
Description |
|
IP address |
IP address of a user. |
|
System time |
Time when the user IP address conflict occurred. |
|
Conflict count |
Number of times that conflicts for the IP address. |
|
Log suppress count |
Number of times that user IP address conflict logs are suppressed. |
|
Old interface |
Output interface in the old ARP entry. |
|
New interface |
Output interface in the new ARP entry. |
|
Old SVLAN/CVLAN |
ID of the outer VLAN or inner VLAN in the old ARP entry. This field displays hyphens (--) if the ARP entry does not belong to any outer VLAN or inner VLAN. |
|
New SVLAN/CVLAN |
ID of the outer VLAN or inner VLAN in the new ARP entry. This field displays hyphens (--) if the ARP entry does not belong to any outer VLAN or inner VLAN. |
|
Old MAC |
MAC address in the old ARP entry. |
|
New MAC |
MAC address in the new ARP entry. |
Related commands
arp user-ip-conflict record enable
display arp user-move record
Use display arp user-move record to display user port migration records.
Syntax
display arp user-move record [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays user port migration records for the active MPU.
Usage guidelines
Each card can save a maximum of 200 user port migration records.
When the number of user port migration records reaches the upper limit, new records will overwrite the earliest ones.
Examples
# Display all user port migration records.
<Sysname> display arp user-move record
IP address: 10.1.1.1
MAC address: 0001-0201-0e81
System time: 2018-02-02 11:22:29
Move count: 1
Log suppress count: 0
Before:
interface: GigabitEthernet1/0/1
SVLAN/CVLAN: 100/2
After:
interface: GigabitEthernet1/0/2
SVLAN/CVLAN: 100/2
IP address: 10.1.1.2
MAC address: 0001-0201-0e82
System time: 2018-02-02 10:20:30
Move count: 1
Log suppress count: 0
Before:
interface: GigabitEthernet1/0/1
SVLAN/CVLAN: 100/--
After:
interface: GigabitEthernet1/0/2
SVLAN/CVLAN: 100/--
Table 6 Command output
|
Field |
Description |
|
IP address |
IP address of the user. |
|
MAC address |
MAC address of the user. |
|
System time |
Time when the user port migration occurred. |
|
Move count |
Number of times that user port migrated. |
|
Log suppress count |
Number of times that the generation of user port migration logs is suppressed. |
|
Interface |
Output interface in the ARP entry. |
|
SVLAN/CVLAN |
ID of the outer VLAN or inner VLAN in the ARP entry. This field displays hyphens (--) if the ARP entry does not belong to any outer VLAN or inner VLAN. |
Related commands
arp user-move record enable
display arp vpn-instance
Use display arp vpn-instance to display the ARP entries for a VPN instance.
Syntax
display arp vpn-instance vpn-instance-name [ count ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. The VPN instance name cannot contain any spaces.
count: Displays the number of ARP entries.
Usage guidelines
This command displays information about ARP entries for a VPN instance, including the IP address, MAC address, VLAN ID, output interface, entry type, and aging timer.
Examples
# Display ARP entries for VPN instance test.
<Sysname> display arp vpn-instance test
Type: S-Static D-Dynamic O-Openflow R-Rule I-Invalid
IP address MAC address VLAN/VSI name Interface Aging Type
20.1.1.1 00e0-fc00-0001 -- -- -- S
arp static
reset arp
reset arp
Use reset arp to clear ARP entries from the ARP table.
Syntax
reset arp { all | dynamic | interface interface-type interface-number | slot slot-number | static }
Views
User view
Predefined user roles
network-admin
Parameters
all: Clears all ARP entries.
dynamic: Clears all dynamic ARP entries.
static: Clears all static ARP entries.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears ARP entries for the active MPU.
interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command clears ARP entries for all interfaces.
Usage guidelines
|
|
CAUTION: The reset arp command will clear existing ARP entries from the ARP table. It might cause that external users cannot quickly communicate with the LAN users. |
Examples
# Clear all static ARP entries.
<Sysname> reset arp static
Related commands
arp static
display arp
Gratuitous ARP commands
arp ip-conflict log prompt
Use arp ip-conflict log prompt to enable IP conflict notification.
Use undo arp ip-conflict log prompt to restore the default.
Syntax
arp ip-conflict log prompt
undo arp ip-conflict log prompt
Default
IP conflict notification is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
By default, the device performs the following operations if it is using the sender IP address of a received ARP packet:
· Sends a gratuitous ARP request.
· Displays an error message after the device receives an ARP reply about the conflict.
You can use this command to enable the device to display error messages before sending a gratuitous ARP reply or request for conflict confirmation.
Examples
# Enable IP conflict notification on the device.
<Sysname> system-view
[Sysname] arp ip-conflict log prompt
arp send-gratuitous-arp
Use arp send-gratuitous-arp to enable periodic sending of gratuitous ARP packets on an interface.
Use undo arp send-gratuitous-arp to disable the interface from periodically sending gratuitous ARP packets.
Syntax
arp send-gratuitous-arp [ interval interval ]
undo arp send-gratuitous-arp
Default
Periodic sending of gratuitous ARP packets is disabled.
Views
Layer 3 Ethernet interface view
Layer 3 Ethernet subinterface view
Layer 3 aggregate interface view
Layer 3 aggregate subinterface view
VXLAN VSI interface view
VLAN interface view
Predefined user roles
network-admin
Parameters
interval interval: Specifies the sending interval in the range of 200 to 200000 milliseconds. The default value is 2000 milliseconds.
Usage guidelines
This feature takes effect on an interface only when the interface has an IP address and the data link layer state of the interface is up.
This feature can send gratuitous ARP requests only for a VRRP virtual IP address, or the sending interface's primary IP address or manually configured secondary IP address. The primary IP address can be configured manually or automatically, whereas the secondary IP address must be configured manually.
If you change the sending interval for gratuitous ARP packets, the configuration takes effect at the next sending interval.
The sending interval for gratuitous ARP packets might be much longer than the set interval when any of the following conditions exist:
· This feature is enabled on multiple interfaces.
· Each interface is configured with multiple secondary IP addresses.
· A small sending interval is configured in the preceding cases.
Examples
# Enable GigabitEthernet 1/0/1 to send gratuitous ARP packets every 300 milliseconds.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] arp send-gratuitous-arp interval 300
gratuitous-arp mac-change retransmit
Use gratuitous-arp mac-change retransmit to set the times and the interval for retransmitting a gratuitous ARP packet for the device MAC address change.
Use undo gratuitous-arp mac-change retransmit to restore the default.
Syntax
gratuitous-arp mac-change retransmit times interval seconds
undo gratuitous-arp mac-change retransmit
Default
The device sends a gratuitous packet for its MAC address change once only.
Views
System view
Predefined user roles
network-admin
Parameters
times: Specifies the times of retransmitting a gratuitous packet, in the range of 1 to 10.
interval seconds: Specifies the interval for retransmitting a gratuitous packet, in the range of 1 to 10 seconds.
Usage guidelines
The device sends a gratuitous ARP packet to inform other devices of its MAC address change. However, the other devices might fail to receive the packet because the device sends the gratuitous ARP packet once only by default. Use this command to configure gratuitous ARP retransmission parameters to ensure that the other devices can receive the packet.
After you execute this command, the device will retransmit a gratuitous ARP packet for its MAC address change at the specified interval for the specified times.
Examples
# Set the times to 3 and the interval to 5 for retransmitting a gratuitous ARP packet for the device MAC address change.
<Sysname> system-view
[Sysname] gratuitous-arp mac-change retransmit 3 interval 5
gratuitous-arp-learning enable
Use gratuitous-arp-learning enable to enable learning of gratuitous ARP packets.
Use undo gratuitous-arp-learning enable to disable learning of gratuitous ARP packets.
Syntax
gratuitous-arp-learning enable
undo gratuitous-arp-learning enable
Default
Learning of gratuitous ARP packets is enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
The learning of gratuitous ARP packets feature allows a device to maintain its ARP table by creating or updating ARP entries based on received gratuitous ARP packets.
When this feature is disabled, the device uses received gratuitous ARP packets to update existing ARP entries only. ARP entries are not created based on the received gratuitous ARP packets, which saves ARP table space.
Examples
# Enable learning of gratuitous ARP packets.
<Sysname> system-view
[Sysname] gratuitous-arp-learning enable
gratuitous-arp-sending enable
Use gratuitous-arp-sending enable to enable sending gratuitous ARP packets upon receiving ARP requests whose sender IP address is on a different subnet.
Use undo gratuitous-arp-sending enable to disable sending gratuitous ARP packets upon receiving ARP requests whose sender IP address is on a different subnet.
Syntax
gratuitous-arp-sending enable
undo gratuitous-arp-sending enable
Default
A device does not send gratuitous ARP packets when it receives ARP requests whose sender IP address is on a different subnet.
Views
System view
Predefined user roles
network-admin
Examples
# Disable a device from sending gratuitous ARP packets upon receiving ARP requests whose sender IP address is on a different subnet.
<Sysname> system-view
[Sysname] undo gratuitous-arp-sending enable
Proxy ARP commands
display local-proxy-arp
Use display local-proxy-arp to display the local proxy ARP status.
Syntax
display local-proxy-arp [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the local proxy ARP status for all interfaces.
Usage guidelines
You can use this command to check whether local proxy ARP is enabled or disabled.
Examples
# Display the local proxy ARP status for GigabitEthernet 1/0/1.
<Sysname> display local-proxy-arp interface gigabitethernet 1/0/1
Interface GigabitEthernet1/0/1
Local Proxy ARP status: enabled
Related commands
local-proxy-arp enable
display proxy-arp
Use display proxy-arp to display the proxy ARP status.
Syntax
display proxy-arp [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the proxy ARP status for all interfaces.
Usage guidelines
You can use this command to check whether proxy ARP is enabled or disabled.
Examples
# Display the proxy ARP status on GigabitEthernet 1/0/1.
<Sysname> display proxy-arp interface gigabitethernet 1/0/1
Interface GigabitEthernet1/0/1
Proxy ARP status: disabled
Related commands
proxy-arp enable
display proxy-arp statistics
Use display proxy-arp statistics to display statistics about proxy ARP reply packets.
Syntax
display proxy-arp statistics
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
This command displays the proxy ARP reply statistics within the most recent minute on a per-second basis and displays the statistics one minute ago on a five-minute basis. The device can display the proxy ARP reply statistics in the most recent hour.
Examples
# Display proxy ARP reply statistics.
<Sysname> display proxy-arp statistics
Last 1 sec proxy count: 200
Last 2 sec proxy count: 400
...
Last 1 min proxy count: 12000
Last 5 min proxy count: 18000
Last 10 min proxy count: 24000
...
Last 60 min proxy count: 182445
Table 7 Command output
|
Field |
Description |
|
Last n sec proxy count: |
Number of proxy ARP reply packets within the most recent nth second. |
|
Last n min proxy count: |
Number of proxy ARP reply packets within the most recent nth minute. |
local-proxy-arp enable
Use local-proxy-arp enable to enable local proxy ARP.
Use undo local-proxy-arp enable to disable local proxy ARP.
Syntax
local-proxy-arp enable [ ip-range start-ip-address to end-ip-address ]
undo local-proxy-arp enable
Default
Local proxy ARP is disabled.
Views
Layer 3 Ethernet interface view
Layer 3 Ethernet subinterface view
Layer 3 aggregate interface view
Layer 3 aggregate subinterface view
VXLAN VSI interface view
VLAN interface view
Predefined user roles
network-admin
Parameters
ip-range start-ip-address to end-ip-address: Specifies the IP address range for which local proxy ARP is enabled. The start IP address must be lower than or equal to the end IP address.
Usage guidelines
Proxy ARP enables a device on a network to answer ARP requests for an IP address not on that network. With proxy ARP, hosts in different broadcast domains can communicate with each other as they do on the same network.
Proxy ARP includes common proxy ARP and local proxy ARP.
Common proxy ARP allows communication between hosts that connect to different Layer 3 interfaces and reside in different broadcast domains.
Local proxy ARP allows communication between hosts that connect to the same Layer 3 interface and reside in different broadcast domains.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Enable local proxy ARP on GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] local-proxy-arp enable
# Enable local proxy ARP on GigabitEthernet 1/0/1 for an IP address range.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] local-proxy-arp enable ip-range 1.1.1.1 to 1.1.1.20
Related commands
display local-proxy-arp
proxy-arp enable
Use proxy-arp enable to enable proxy ARP.
Use undo proxy-arp enable to disable proxy ARP.
Syntax
proxy-arp enable
undo proxy-arp enable
Default
Proxy ARP is disabled.
Views
Layer 3 Ethernet interface view
Layer 3 Ethernet subinterface view
Layer 3 aggregate interface view
Layer 3 aggregate subinterface view
VXLAN VSI interface view
VLAN interface view
Predefined user roles
network-admin
Usage guidelines
Proxy ARP enables a device on a network to answer ARP requests for an IP address not on that network. With proxy ARP, hosts in different broadcast domains can communicate with each other as they do on the same network.
Proxy ARP includes common proxy ARP and local proxy ARP.
Common proxy ARP allows communication between hosts that connect to different Layer 3 interfaces and reside in different broadcast domains.
Local proxy ARP allows communication between hosts that connect to the same Layer 3 interface and reside in different broadcast domains.
Examples
# Enable proxy ARP on GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] proxy-arp enable
Related commands
display proxy-arp
ARP PnP commands
arp pnp
Use arp pnp to enable the ARP plug and play (PnP) feature.
Use undo arp pnp to disable the ARP PnP feature.
Syntax
arp pnp
undo arp pnp
Default
The ARP PnP feature is disabled.
Views
Layer 3 Ethernet interface view
Layer 3 Ethernet subinterface view
Predefined user roles
network-admin
Usage guidelines
|
|
CAUTION: Features that use ARP entries, for example, static routes and proxy ARP, cannot operate correctly when the ARP PnP feature is enabled. |
This command is typically configured on a gateway. The ARP PnP feature allows end users to access the gateway without changing their IP addresses on subnets different from the subnet where the gateway resides.
To make ARP PnP operate correctly on an interface, make sure the following requirements are met:
· The interface has a primary IP address.
· NAT is configured on the interface that connects to the external network.
· ARP entries on the interface are all deleted by using the reset arp command before you enable the ARP PnP feature.
The ARP PnP feature generates agent IP addresses based on the primary IP address and mask length of the interface. The maximum number of agent IP addresses allowed on an interface is the smaller value of the following items:
· The maximum number of host IP addresses allowed by the mask length. The interface's primary IP address is excluded. For example, if the mask length is 24, a maximum of 253 agent IP addresses can be generated.
· The maximum number of dynamic ARP entries that the interface can learn.
Examples
# Enable the ARP PnP feature.
<Sysname> system-view
[sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] arp pnp
display arp pnp
Use display arp pnp to display ARP PnP mappings.
Syntax
display arp pnp [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, the command displays ARP PnP mappings for all interfaces.
Examples
# Display all ARP PnP mappings.
<Sysname> display arp pnp
Total number of entries : 5
Agent IP address User IP address MAC address Interface Aging
1.1.1.2 20.1.1.1 00e0-fc00-0001 GE1/0/1 10
1.1.1.3 193.1.1.70 00e0-fe50-6503 GE1/0/1 5
2.2.2.2 192.168.0.115 000d-88f7-9f7d GE1/0/2 11
3.3.3.3 192.168.0.39 0012-a990-2241 GE1/0/3 5
3.3.3.4 22.1.1.1 000c-299d-c041 GE1/0/3 14
# Display ARP PnP mappings on GigabitEthernet 1/0/1.
<Sysname> display arp pnp interface gigabitethernet 1/0/1
Total number of entries : 2
Agent IP address User IP address MAC address Interface Aging
1.1.1.2 20.1.1.1 00e0-fc00-0001 GE1/0/1 10
1.1.1.3 193.1.1.70 00e0-fe50-6503 GE1/0/1 5
Table 8 Command output
|
Field |
Description |
|
Agent IP address |
Agent IP address the ARP PnP feature generates for the user. |
|
User IP address |
IP address of the user. |
|
MAC address |
MAC address of the user. |
|
Interface |
Interface that connects to the user. |
|
Aging |
Aging time (in minutes) of the mapping. |
ARP suppression commands
arp suppression enable
Use arp suppression enable to enable ARP suppression.
Use undo arp suppression enable to disable ARP suppression.
Syntax
arp suppression enable
undo arp suppression enable
Default
ARP suppression is disabled.
Views
Cross-connect view
Predefined user roles
network-admin
Usage guidelines
Application scenarios
Too many ARP packets on an MPLS L2VPN network causes high CPU load on the PE device, which affects normal service processing. To resolve the issue, you can enable ARP suppression on the PE device to ensure normal network communication.
Operating mechanism
Enabled with ARP suppression, the PE device listens to all received ARP packets. When the base station or PE-agg initiates ARP resolution again, the PE device can answer the ARP request so as to suppress ARP flooding.
Restrictions and guidelines
You must enable L2VPN before you enter cross-connect view. For more information about L2VPN, see MPLS L2VPN configuration in MPLS Configuration Guide.
Examples
# Enable ARP suppression for cross-connect 2 in cross-connect group 1.
<Sysname> system-view
[Sysname] xconnect-group 1
[Sysname-xcg-1] connection 2
[Sysname-xcg-1-2] arp suppression enable
Related commands
arp suppression push interval
Use arp suppression push interval to enable the ARP suppression push feature and set a push interval.
Use undo arp suppression push interval to disable the ARP suppression push feature.
Syntax
arp suppression push interval interval
undo arp suppression push interval
Default
The ARP suppression push feature is disabled.
Views
System view
Predefined user roles
network-admin
Parameters
interval: Specifies a push interval for ARP suppression, in the range of 1 to 1440 minutes.
Usage guidelines
The ARP suppression push feature regularly pushes ARP suppression entries by broadcasting gratuitous ARP packets.
Examples
# Configure the device to push ARP suppression entries every 2 minutes.
<Sysname> system-view
[Sysname] arp suppression push interval 2
Related commands
arp suppression enable
display arp suppression xconnect-group
Use display arp suppression xconnect-group to display ARP suppression entries.
Syntax
display arp suppression xconnect-group [ name group-name ] [ slot slot-number ] [ count ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
name group-name: Specifies a cross-connect group by its name, a case-sensitive string of 1 to 31 characters excluding hyphens (-). If you do not specify a cross-connect group, this command display ARP suppression entries for all cross-connect groups.
count: Displays the total number of ARP suppression entries.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays ARP suppression entries for the active MPU.
Examples
# Display ARP suppression entries for all cross-connect groups.
<Sysname> display arp suppression xconnect-group
IP address MAC address Xconnect-group Connection Aging
100.1.1.1 000c-29fe-5a8f vpna svc 12
100.1.1.2 000c-29fe-5aa3 vpna svc 25
# Display the total number of ARP suppression entries.
<Sysname> display arp suppression xconnect-group count
Total entries: 2
Table 9 Command output
|
Field |
Description |
|
IP address |
IP address in the ARP suppression entry. |
|
MAC address |
MAC address in the ARP suppression entry. |
|
Xconnect-group |
Name of the cross-connect group to which the ARP suppression entry belongs. |
|
Connection |
Name of the cross-connect to which the ARP suppression entry belongs. |
|
Aging |
Aging time of the ARP suppression entry, in minutes. |
Related commands
reset arp suppression xconnect-group
reset arp suppression xconnect-group
Use reset arp suppression xconnect-group to clear ARP suppression entries.
Syntax
reset arp suppression xconnect-group [ name group-name ]
Views
User view
Predefined user roles
network-admin
Parameters
name group-name: Specifies a cross-connect group by its name, a case-sensitive string of 1 to 31 characters excluding hyphens (-). If you do not specify a cross-connect group, this command clears ARP suppression entries for all cross-connect groups.
Examples
# Clear ARP suppression entries for all cross-connect groups.
<Sysname> reset arp suppression xconnect-group
Related commands
display arp suppression xconnect-group
ARP direct route advertisement commands
arp route-direct advertise
Use arp route-direct advertise to enable ARP direct route advertisement.
Use undo arp route-direct advertise to disable ARP direct route advertisement.
Syntax
arp route-direct advertise [ preference preference-value | tag tag-value ] *
undo arp route-direct advertise
Default
ARP direct route advertisement is disabled.
Views
Layer 3 Ethernet interface view
Layer 3 Ethernet subinterface view
Layer 3 aggregate interface view
Layer 3 aggregate subinterface view
VLAN interface view
L3VE interface view
VSI interface view
Predefined user roles
network-admin
Parameters
preference preference-value: Specifies the preference for the ARP-advertised direct routes. The value range for the preference-value argument is 1 to 255, and the default is 0. The smaller the value, the higher the preference.
tag tag-value: Specifies the route tag for the ARP-advertised direct routes. The value range for the tag-value argument is 1 to 4294967295, and the default is 0.
Usage guidelines
If ARP direct route advertisement is configured, ARP advertises ARP entries to the route management module to generate direct routes with an optional preference or route tag. The route preference value determines the match order of a route. Dynamic routing protocols use the tag value as the route identifier when they redistribute the route.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Enable ARP direct route advertisement on Layer 3 Ethernet interface GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] arp route-direct advertise
# Enable ARP direct route advertisement on Layer 3 Ethernet interface GigabitEthernet 1/0/1 and set the preference value to 1 for direct routes.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] arp route-direct advertise preference 1
# Enable ARP direct route advertisement on VE interface VE-L3VPN 1, set the preference value to 2, and set the route tag value to 2 for direct routes.
[Sysname] interface ve-l3vpn 1
[Sysname-VE-L3VPN1] arp route-direct advertise preference 2 tag 2
arp route-direct advertise delay
Use arp route-direct advertise delay to set a delay for generating direct routes based on ARP entries.
Use undo arp route-direct advertise delay to restore the default.
Syntax
arp route-direct advertise delay delay-time
undo arp route-direct advertise delay
Default
The device generates a direct route immediately after an ARP entry is learned on an interface enabled with ARP direct route advertisement.
Views
Layer 3 Ethernet interface view
Layer 3 Ethernet subinterface view
Layer 3 aggregate interface view
Layer 3 aggregate subinterface view
VLAN interface view
L3VE interface view
VSI interface view
Predefined user roles
network-admin
Parameters
delay-time: Specifies the delay for ARP-based generation of direct routes. The value range is 0 to 3600 seconds.
Usage guidelines
Application scenarios
After you enable ARP direct route advertisement on an interface by using the arp route-direct advertise command, the device generates direct routes and adjacency table entries based on ARP entries learned on that interface. If the direct routes are generated before the adjacency table entries for them, temporary packet loss will occur due to lack of Layer 2 information for packet encapsulation. To avoid such an issue, use this command to set a route generation delay for ARP direct route advertisement on the interface.
Operating mechanism
After you enable ARP direct route advertisement and set a route generation delay for it on an interface, a delay timer starts when an ARP entry is learned on that interface.
If the configuration for ARP direct route advertisement is modified before the delay time expires, the device advertises the direct route based on the new settings when the timer expires.
If you change the delay setting after a delay timer starts for an ARP entry, the new setting takes effect. However, the timer does not reset.
· If the timer count is equal to or higher than the new delay setting, the device generates a direct route based on the ARP entry.
· If the timer count is lower than the new delay setting, the device generates a direct route based on the ARP entry when the amount of new delay time is reached.
Restrictions and guidelines
You can enable ARP direct route advertisement and set a delay for ARP-based generation of direct routes in any order. If you set the delay first and then enable ARP direct route advertisement, the device generates a direct route based on the ARP entry when the delay time is reached.
Examples
# Set a route generation delay for ARP direct route advertisement on Layer 3 Ethernet interface GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] arp route-direct advertise delay 200
# Set a route generation delay for ARP direct route advertisement on L3VE interface VE-L3VPN 1.
<Sysname> system-view
[Sysname] interface ve-l3vpn 1
[Sysname-VE-L3VPN1] arp route-direct advertise delay 100
Related commands
arp route-direct advertise
display arp route-direct advertise
Use display arp route-direct advertise to display information about ARP direct route advertisement.
Syntax
display arp route-direct advertise interface interface-type interface-number
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. Make sure ARP direct route advertisement is enabled on the interface.
Usage guidelines
When ARP direct route advertisement is enabled, the device generates direct routes based on ARP entries for packet forwarding and route advertisement. You can use this command to verify that the route management module has generated direct routes for ARP entries as configured.
Examples
# Display the direct routes generated based on ARP entries on GigabitEthernet 1/0/1.
<Sysname> display arp route-direct advertise interface gigabitethernet 1/0/1
IP address MAC address VLAN/VSI Interface Route
1.1.1.1 02e0-f102-0023 1 GE1/0/1 Yes
1.1.1.2 00e0-fc00-0001 12 GE1/0/1 No
Table 10 Command output
|
Field |
Description |
|
IP address |
IP address in the ARP entry. |
|
MAC address |
MAC address in the ARP entry. |
|
VLAN/VSI |
ID of the VLAN or index of the VSI to which the ARP entry belongs. This field displays two hyphens (--) in either of the following situations: The ARP entry is an unresolved short static ARP entry. The output interface of the ARP entry does not belong to the VLAN or VSI. |
|
Interface |
Output interface in the ARP entry. |
|
Route |
Whether or not a direct route has been generated based on the ARP entry: Yes—A direct route has been generated based on the ARP entry. No—No direct route has been generated based on the ARP entry. |
Related commands
arp route-direct advertise
Commands for disabling sending ARP requests when data packets trigger ARP resolution
arp fib-miss drop
Use arp fib-miss drop to disable the device from sending ARP requests for ARP learning when data packets trigger ARP resolution.
Use undo arp fib-miss drop to restore the default.
Syntax
arp fib-miss drop
undo arp fib-miss drop
Default
The device sends ARP requests for ARP learning when data packets trigger ARP resolution.
Views
Layer 3 Ethernet interface view
Layer 3 Ethernet subinterface view
Layer 3 aggregate interface view
Layer 3 aggregate subinterface view
VSI interface view
VLAN interface view
L3VE interface view
Predefined user roles
network-admin
Usage guidelines
Application scenarios
By default, when the device receives a data packet not destined for it and cannot find a match for the next hop in the ARP table, it performs the following tasks:
1. Sends an ARP request to obtain the MAC address of the next hop.
2. Generates an ARP entry based on the obtained MAC address.
A large number of ARP requests consume too many network resources, affecting normal service operation. To resolve the issue, use this feature to disable the device from sending ARP requests for ARP learning when data packets trigger ARP resolution. This suppresses ARP flooding by reducing ARP packets on the network.
Operating mechanism
After you configure this feature on an interface of the device, the device does not send an ARP request for ARP learning in the following conditions:
· The interface receives a data packet not destined for the device and the next hop for the data packet does not match any ARP entry.
· The interface sends a data packet that triggers ARP resolution.
Restrictions and guidelines
As a best practice, configure this feature only when the network is attacked by ARP flooding.
Examples
# On GigabitEthernet 1/0/1, disable the device from sending ARP requests for ARP learning when data packets trigger ARP resolution.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] arp fib-miss drop
ARP-Ping commands
ping arp ip
Use ping arp ip to test whether an IPv4 address is in use on a LAN by sending ARP requests.
Syntax
ping arp ip host [ interface interface-type interface-number [ timeout timeout ] [ count count ]
Views
Any view
Predefined user roles
network-admin
Parameters
host: Specifies the IP address or host name of the destination. The host name is a case-insensitive string of 1 to 253 characters. It can contain letters, digits, hyphens (-), underscores (_), and dots (.).
interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, the device uses the outgoing interface of the matching route to send ARP requests.
timeout timeout: Specifies the amount of time waiting for an ARP reply, in milliseconds. The value range is 0 to 65535. The default value is 3000.
count count: Specifies the maximum number of ARP requests to be sent. The value range is 1 to 4294967295. The default value is 5.
Usage guidelines
Application scenarios
This command tests whether an IPv4 address in a LAN is in use by sending ARP requests. Compared with the ping command, the ping arp ip command avoids a wrong result when the destination host is enabled with a firewall that blocks ICMP packets. In addition, it consumes fewer network resources because an ARP request is shorter than an ICMP packet.
Operating mechanism
After the device sends an ARP request to an IPv4 address, if it receives an ARP reply before the ARP request timeout timer expires, it determines that the IP address is being used. If no ARP reply is received before the ARP request timeout timer expires, the device sends another ARP request. After the device sends the maximum number of ARP requests without receiving a reply, the device stops sending ARP requests and regards the IPv4 address as an unused address.
Restrictions and guidelines
To execute the ping arp ip command by specifying the destination host name, configure the DNS feature first. For more information about DNS, see DNS configuration in Layer 3—IP Services Configuration Guide.
If multiple devices exist on the LAN, executing this command will take some time. To stop an ongoing test, press Ctrl + C.
Examples
# Test whether IP address 1.1.1.3 is in use on the LAN by sending ARP requests. (In this example, the IP address has been used.)
<Sysname> ping arp ip 1.1.1.3
1.1.1.3 is used by 0003-0003-0003.
# Test whether IP address 1.1.1.3 is in use on the LAN by sending ARP requests. (In this example, the IP address is not in use.
<Sysname> ping arp ip 1.1.1.3
The IP address is not used by anyone.
ping arp mac
Use ping arp mac to test whether a MAC address exists on a specified network or to view its associated IPv4 address.
Syntax
ping arp mac mac-address { interface interface-type interface-number | ip ipv4-address [ vpn-instance vpn-instance-name ] } [ timeout timeout ] [ count count ]
Views
Any view
Predefined user roles
network-admin
Parameters
mac-address: Specifies the target MAC address in the format of H-H-H. When you enter a MAC address, you can omit the leading zeros in each H section. For example, enter f-e2-1 for 000f-00e2-0001. The MAC address cannot be a multicast address, broadcast address, or virtual MAC address of the device.
interface interface-type interface-number: Specifies the outgoing interface for sending the ICMP echo requests by its type and number.
ip ipv4-address: Specifies the target IPv4 network address.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. To specify a MAC address on the public network, do not specify this option.
timeout timeout: Specifies the amount of time waiting for an ICMP echo reply, in milliseconds. The value range is 0 to 65535. The default value is 3000.
count count: Specifies the maximum number of ICMP echo requests to be sent. The value range is 1 to 4294967295. The default value is 5.
Usage guidelines
Application scenarios
To obtain the IPv4 address associated with a MAC address, use this command to broadcast Layer 3 ICMP packets.
Operating mechanism
The device retransmits an ICMP echo request if it has failed to receive an ICMP echo reply before the request timeout timer expires. The device stops sending ICMP echo requests and determines that the MAC address is not on the network after it has sent the maximum number of requests without receiving a reply.
Restrictions and guidelines
If multiple devices exist on the network, executing this command will take some time. To stop an ongoing test, press Ctrl + C.
Examples
# Test whether MAC address 0003-0003-0003 exists on the network attached to GigabitEthernet 1/0/1.
<Sysname> ping arp mac 0003-0003-0003 interface gigabitethernet 1/0/1
ARP-Ping MAC statistics:
1 packet(s) transmitted
1 packet(s) received
IP address MAC address
1.1.1.3 0003-0003-0003
# Test whether MAC address 0003-0003-0003 exists on network 1.1.1.0.
<Sysname> ping arp mac 0003-0003-0003 ip 1.1.1.0
ARP-Ping MAC statistics:
5 packet(s) transmitted
0 packet(s) received
MAC[0003-0003-0003] not in use
