Dynamic ARP entry check disables a device from supporting dynamic ARP entries with multicast MAC addresses. The device cannot learn dynamic ARP entries containing multicast MAC addresses. You cannot manually add static ARP entries that contain multicast MAC addresses.

When dynamic ARP entry check is disabled, ARP entries containing multicast MAC addresses are supported. The device can learn dynamic ARP entries containing multicast MAC addresses obtained from the ARP packets sourced from a unicast MAC address. You can also manually add static ARP entries containing multicast MAC addresses.

Examples

# Enable dynamic ARP entry check.

<Sysname> system-view

[Sysname] arp check enable

arp check log enable

Use arp check log enable to enable the ARP logging feature.

Use undo arp check log enable to disable the ARP logging feature.

Syntax

arp check log enable

undo arp check log enable

Default

ARP logging is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This feature enables a device to log ARP events when ARP cannot resolve IP addresses correctly. The device can log the following ARP events:

· On a proxy ARP-disabled interface, the target IP address of a received ARP packet is not one of the following IP addresses:

¡ The IP address of the receiving interface.

¡ The virtual IP address of the VRRP group.

¡ The public IP address after NAT.

· The sender IP address of a received ARP reply conflicts with one of the following IP addresses:

¡ The IP address of the receiving interface.

¡ The virtual IP address of the VRRP group.

¡ The public IP address after NAT.

The device sends ARP log messages to the information center. You can use the info-center source command to specify the log output rules for the information center. For more information about information center, see Network Management and Monitoring Configuration Guide.

The device can generate a large number of ARP logs. To conserve system resources, enable ARP logging only when you are auditing or troubleshooting ARP events.

Examples

# Enable ARP logging.

<Sysname> system-view

[Sysname] arp check log enable

arp local-conflict record enable

Use arp local-conflict record enable to enable recording conflicts between an endpoint and the local device.

Use undo arp local-conflict record enable to disable recording conflicts between the endpoints and local device.

Syntax

arp local-conflict record enable

undo arp local-conflict record enable

Default

Recording conflicts between the endpoints and local device is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This feature enables the device to detect and record conflicts between the endpoints and local device. The device determines that a conflict occurs if an incoming non-gratuitous ARP packet has the same sender IP address or sender MAC address as that of the device. The device generates an endpoint and local device conflict entry, logs the conflict, and sends the log to the information center. For information about the log destination and output rule configuration, see information center configuration in Network Management and Monitoring Configuration Guide.

If no new endpoint and local device conflict occurs within three minutes after the entry is generated, the system deletes the conflict entry.

An interface sends only one endpoint and local device conflict log to the information center per minute. The device supports a maximum of 128 interfaces sending conflict logs simultaneously. When the number of interfaces that send conflict logs reaches 128, the device stops another interface from sending conflict logs until an existing conflict is resolved.

Examples

# Enable recording conflicts between the endpoints and local device.

<Sysname> system-view

[Sysname] arp local-conflict record enable

arp max-learning-num

Use arp max-learning-num to set the dynamic ARP learning limit on an interface.

Use undo arp max-learning-num to restore the default.

Syntax

arp max-learning-num max-number

undo arp max-learning-num

Default

An interface can learn a maximum of 6144 dynamic ARP entries.

Views

Layer 2 Ethernet interface view

Layer 2 aggregate interface view

Layer 3 Ethernet interface view

Layer 3 Ethernet subinterface view

Layer 3 aggregate interface view

Layer 3 aggregate subinterface view

VLAN interface view

Predefined user roles

network-admin

Parameters

max-number: Specifies the maximum number of dynamic ARP entries that can be learned on an interface. The value range is 0 to 6144.

Usage guidelines

An interface can dynamically learn ARP entries. To prevent an interface from holding too many ARP entries, you can set the maximum number of dynamic ARP entries that the interface can learn. When the limit is reached, the interface stops learning ARP entries.

When the learning limit is set to 0, the interface is disabled from learning dynamic ARP entries.

Examples

# Specify VLAN-interface 40 to learn a maximum of 10 dynamic ARP entries.

<Sysname> system-view

[Sysname] interface vlan-interface 40

[Sysname-Vlan-interface40] arp max-learning-num 10

# Specify GigabitEthernet 1/0/6 to learn a maximum of 10 dynamic ARP entries.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/6

[Sysname-GigabitEthernet1/0/6] arp max-learning-num 10

# Specify Layer 2 aggregate interface Bridge-Aggregation 1 to learn a maximum of 10 dynamic ARP entries.

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] arp max-learning-num 10

# Specify Layer 3 aggregate interface Route-Aggregation 1 to learn a maximum of 10 dynamic ARP entries.

<Sysname> system-view

[Sysname] interface route-aggregation 1

[Sysname-Route-Aggregation1] arp max-learning-num 10

arp max-learning-number

Use arp max-learning-number to set the dynamic ARP learning limit on a device.

Use undo arp max-learning-number to restore the default.

Syntax

arp max-learning-number max-number

undo arp max-learning-number

Default

The device can learn a maximum of 6144 dynamic ARP entries.

Views

System view

Predefined user roles

network-admin

Parameters

max-number: Specifies the maximum number of dynamic ARP entries that can be learned on a device. The value range is 0 to 6144.

Usage guidelines

A device can dynamically learn ARP entries. To prevent a device from holding too many ARP entries, you can set the maximum number of dynamic ARP entries that the device can learn. When the limit is reached, the device stops learning ARP entries.

When the learning limit is set to 0, the device is disabled from learning dynamic ARP entries.

Examples

# Set the ARP learning limit to 64 for slot 1.

<Sysname> system-view

[Sysname] arp max-learning-number 64 slot 1

arp safe-guard enable

Use arp safe-guard enable to enable the ARP safe-guard feature.

Use undo safe-guard enable to disable the ARP safe-guard feature.

Syntax

arp safe-guard enable

undo arp safe-guard enable

Default

The ARP safe-guard feature is disabled.

Views

Layer 3 Ethernet interface view

Layer 3 Ethernet subinterface view

Layer 3 aggregate interface view

Layer 3 aggregate subinterface view

VLAN interface view

Predefined user roles

network-admin

Usage guidelines

You can use this command to prevent traffic-intensive ARP packet attacks on a device. After you enable this feature, the device operates as follows:

· The device sends replies to all incoming ARP requests but do not generate corresponding ARP entries, which prevents gateway spoofing attacks.

· The device generates ARP entries for incoming ARP replies that the device requests.

· The device drops incoming ARP replies that are not requested by the device, which ensures that the device can learn correct ARP entries.

Examples

# Enable the ARP safe-guard feature on GigabitEthernet 1/0/6.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/6

[Sysname-GigabitEthernet1/0/6] arp safe-guard enable

arp smooth

Use arp smooth to synchronize ARP entries from the active MPU to all other cards.

Syntax

arp smooth

Views

User view

Predefined user roles

network-admin

Usage guidelines

This command triggers a one-time operation to ensure that all cards on the device have the same ARP entries.

To synchronize ARP entries across all cards in a timely manner, you can schedule the device to automatically execute the arp smooth command. For information about scheduling a task, see Fundamentals Configuration Guide.

Examples

# Synchronize ARP entries from the active MPU to all other cards.

<Sysname> arp smooth

arp static

Use arp static to configure a static ARP entry.

Use undo arp to delete an ARP entry.

Syntax

arp static ip-address mac-address vlan-id interface-type interface-number [ vpn-instance vpn-instance-name ] [ description text ]

undo arp ip-address [ vpn-instance-name ]

Default

No static ARP entries exist.

Views

System view

Predefined user roles

network-admin

Parameters

ip-address: Specifies an IP address for the static ARP entry.

mac-address: Specifies a MAC address for the static ARP entry, in the format of H-H-H.

vlan-id: Specifies the ID of a VLAN to which the static ARP entry belongs. The value range is 1 to 4094.

vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the static ARP entry belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the static ARP entry belongs to the public network, do not specify this option.

description text: Specifies the description for the static ARP entry, a case-sensitive string of 1 to 255 characters.

Usage guidelines

A static ARP entry is manually configured and maintained. It does not age out and cannot be overwritten by any dynamic ARP entry.

A resolved short static ARP entry becomes unresolved upon certain events, for example, when the resolved output interface goes down, or the corresponding VLAN or VLAN interface is deleted.

If you specify the vlan-id interface-type interface-number argument, follow these restrictions and guidelines:

· The interface can be an Ethernet interface or an aggregate interface.

· The VLAN and VLAN interface must already exist. The specified interface must belong to the specified VLAN.

· The IP address of the VLAN interface and the IP address specified by the ip-address argument must be on the same network.

· A long static ARP entry for a VLAN is deleted if the VLAN or VLAN interface is deleted.

For easy identification of ARP entries, you can configure a description for each static ARP entry.

Related commands

display arp

reset arp

arp timer aging

Use arp timer aging to set the aging timer for dynamic ARP entries.

Use undo arp timer aging to restore the default.

Syntax

System view:

arp timer aging aging-time

undo arp timer aging

Interface view:

arp timer aging { aging-minutes | second aging-seconds }

undo arp timer aging

Default

In system view, the aging timer for dynamic ARP entries is 20 minutes.

In interface view, the aging timer for dynamic ARP entries is the aging timer set in system view.

Views

System view

Layer 3 Ethernet interface view

Layer 3 Ethernet subinterface view

Layer 3 aggregate interface view

Layer 3 aggregate subinterface view

VLAN interface view

Predefined user roles

network-admin

Parameters

aging-time: Specifies the aging timer for dynamic ARP entries, in the range of 1 to 1440 minutes.

second aging-seconds: Specifies the aging timer in seconds. The value range for the aging-seconds argument is 5 to 86400.

Usage guidelines

Application scenarios

Each dynamic ARP entry in the ARP table has a limited lifetime, called an aging timer. The aging timer of a dynamic ARP entry is reset each time the dynamic ARP entry is updated. Dynamic ARP entries that are not updated before their aging timers expire are deleted from the ARP table.

You can set the aging timer for dynamic ARP entries to make sure dynamic ARP entries are updated in a timely manner.

Restrictions and guidelines

You can set the aging timer for dynamic ARP entries in system view or in interface view. The aging timer set in interface view takes precedence over the aging timer set in system view.

Set the aging timer for dynamic ARP entries as needed. For example, when you configure proxy ARP, set a short aging time so that invalid dynamic ARP entries can be deleted in a timely manner.

Examples

# Set the aging timer for dynamic ARP entries to 10 minutes.

<Sysname> system-view

[Sysname] arp timer aging 10

# Set the aging timer for dynamic ARP entries to 200 seconds on GigabitEthernet 1/0/6.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/6

[Sysname-GigabitEthernet1/0/6] arp timer aging second 200

Related commands

display arp timer aging

arp user-ip-conflict record enable

Use arp user-ip-conflict record enable to enable recording user IP address conflicts.

Use undo arp user-ip-conflict record enable to disable recording user IP address conflicts.

Syntax

arp user-ip-conflict record enable

undo arp user-ip-conflict record enable

Default

Recording user IP address conflicts is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This feature enables the device to detect and record user IP address conflicts. The device determines that a conflict occurs if an incoming ARP packet has the same sender IP address as an existing ARP entry but a different sender MAC address. The device generates a user IP address conflict record, logs the conflict, and sends the log to the information center. For information about the log destination and output rule configuration, see the information center in Network Management and Monitoring Configuration Guide.

The device can generate a maximum of 10 user IP address conflict records or logs per second and save a maximum of 200 user IP address conflict records or logs.

If the maximum number of saved user IP address conflict records or logs is reached, a new record or log will override the earliest record or log.

To display user IP address conflict records, use the display arp user-ip-conflict record command.

Examples

# Enable recording user IP address conflicts.

<Sysname> system-view

[Sysname] arp user-ip-conflict record enable

Related commands

display arp user-ip-conflict record

display arp

Use display arp to display ARP entries.

Syntax

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Displays all ARP entries.

dynamic: Displays dynamic ARP entries.

static: Displays static ARP entries.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays ARP entries on the active MPU.

vlan vlan-id: Specifies a VLAN by its VLAN ID. The VLAN ID is in the range of 1 to 4094.

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays ARP entries for all interfaces.

verbose: Displays detailed information about ARP entries.

Usage guidelines

This command displays information about static, dynamic, and multiport ARP entries, including the IP address, MAC address, VLAN ID, output interface, entry type, and aging timer.

Examples

# Display all ARP entries.

<Sysname> display arp all

Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid

IP address MAC address VLAN/VSI name Interface Aging Type

1.1.1.1 02e0-f102-0023 -- GE1/0/6 -- S

1.1.1.2 00e0-fc00-0001 -- GE1/0/7 1182 D

1.1.1.3 00e0-fe50-6503 -- Tunnel1 1200 D

1.1.1.4 000d-88f7-9f7d -- GE1/0/8 685 D

# Display detailed information about all ARP entries.

<Sysname> display arp all verbose

IP address : 1.1.1.1 MAC address : 02e0-f102-0023

Type : Static Aging : --

Interface : GE1/0/6

SVLAN/CVLAN : 1000/1001

VPN instance : --

Link ID : --

VXLAN ID : --

VSI name : --

VSI interface : --

Nickname : 0x0000

Description : User1

IP address : 1.1.1.2 MAC address : 0015-e944-adc5

Type : Dynamic Aging : 1179 sec

Interface : GE1/0/7

SVLAN/CVLAN : --/--

VPN instance : --

Link ID : --

VXLAN ID : --

VSI name : --

VSI interface : --

Nickname : 0x0000

Description : --

# Display the number of all ARP entries.

<Sysname> display arp all count

Total number of entries : 4

Table 1 Command output

Field	Description
IP address	IP address in an ARP entry.
MAC address	MAC address in an ARP entry.
VLAN/VSI name	ID of the VLAN or name of the VSI to which an ARP entry belongs. This field displays hyphens (--) in either of the following situations: · The ARP entry is an unresolved short static ARP entry. · The output interface of the ARP entry does not belong to any VLAN or VSI.
Interface	Output interface in an ARP entry. This field displays hyphens (--) in either of the following situations: · The ARP entry is an unresolved short static ARP entry. · The ARP entry is a multiport ARP entry and has no output interface information. To obtain the output interface information of the multiport ARP entry, look up the MAC address table according to the MAC address in the ARP entry.
Aging	Aging time for an ARP entry, in seconds. For a static ARP entry, this field always displays hyphens (--). The static ARP entry never ages out unless you delete it manually. For a dynamic ARP entry, this field displays hyphens (--) if the aging time is unknown.
Type	ARP entry type: · D—Dynamic. · S—Static. · O—OpenFlow. · R—Rule. · M—Multiport. · I—Invalid.
SVLAN/CVLAN	ID of the SVLAN or CVLAN to which the ARP entry belongs. This field displays hyphens (--) in either of the following situations: · The ARP entry is an unresolved short static ARP entry. · The output interface of the ARP entry does not belong to any SVLAN or CVLAN.
VPN instance	Name of VPN instance. This field displays hyphens (--) if no VPN instance is configured for the ARP entry.
Link ID	Link ID in an ARP entry. This field displays hyphens (--) if the ARP entry does not belong to any VSI.
VXLAN ID	VXLAN ID (also called VNI). This field displays hyphens (--) if the ARP entry does not belong to any VXLAN.
VSI name	Name of the VSI to which the ARP entry belongs. This field displays hyphens (--) if the ARP entry does not belong to a specific VSI.
VSI interface	VSI interface specified for the VSI. This field displays hyphens (--) if no VSI interface is specified for the VSI.
Nickname	Nickname of the ARP entry. The nickname is a string of four hexadecimal numbers, for example, 012a. For more information about the nickname, see TRILL Configuration Guide.
Description	Description of the ARP entry. If no description is configured for the ARP entry, this field displays hyphens (--).
Total number of entries	Number of ARP entries.

Related commands

arp static

reset arp

display arp entry-limit

Use display arp entry-limit to display the maximum number of ARP entries that a device supports.

Syntax

display arp entry-limit

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the maximum number of ARP entries that the device supports.

<Sysname> display arp entry-limit

ARP entries: 2048

display arp ip-address

Use display arp ip-address to display the ARP entry for an IP address.

Syntax

display arp ip-address [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ip-address: Specifies an IP address.

verbose: Displays the detailed information about the specified ARP entry.

Usage guidelines

The ARP entry information includes the IP address, MAC address, VLAN ID, output interface, entry type, and aging timer.

Examples

# Display the ARP entry for the IP address 20.1.1.1.

<Sysname> display arp 20.1.1.1

Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid

IP address MAC address VLAN/VSI name Interface Aging Type

20.1.1.1 00e0-fc00-0001 -- -- -- S

Related commands

arp static

reset arp

display arp log

Use display arp log to display brief ARP log information.

Syntax

display arp log [ interface interface-type interface-number | ip ip-address ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface: Displays the ARP log information for the specified interface.

ip: Displays the ARP log information for the specified IP address.

Examples

# Display brief information about all ARP log entries.

<Sysname> display arp log

Operate : ADD Reason : ADDBYMSG

Mac : 0000-0000-0000 Interface: GE2/0/1

SVLAN : 65535 IP : 1.1.1.2

CVLAN : 65535 Time : Oct 28 22:22:02 2022

Operate : ADD Reason : ADDBYMSG

Mac : 0000-0000-0000 Interface: GE2/0/1

SVLAN : 65535 IP : 1.1.1.1

CVLAN : 65535 Time : Oct 28 22:22:02 2022

Table 2 Command output

Field	Description
Operate	ARP entry operation type: · ADD—Add an entry to the table. · MOD—Modify an existing entry in the table. · DEL—Delete an entry from the table.
Reason	Source of the ARP log entry: · DRNIMSG—Added in response to an ARP entry update message from the M-LAG module. · STATICFIX—Added in response to conversion of a dynamic ARP entry to a static one. · PKTLEARN—Added by learning from an ARP packet. · STATICMSG—Added through static configuration. · ADDBYRULE—Added by the IPoE or portal feature. · ADDBYOP—Added by the OpenFlow feature. · ADDBYMSG—Added through ARP entry synchronization. · ADDWADJ—Added in response to an IPv4 adjacency entry refresh message sent by the WAN link adjacency table module. · ADDWADJSYN—Added in response to an inter-card IPv4 adjacency entry synchronization message sent by the WAN link adjacency table module. · DRVRELOAD—Added in response to the ARP update operation done in the driver. · STATICEVENT—Added through ARP entry update in response to a long static entry event. · SYNCWITHDRV—Added in synchronization with the driver. · RELOADBYPW—Added in response to the PW reload operation. · RELOADBYMMAC— Added through ARP entry refresh triggered by the MultiMac module. · RELOADBYRB—Added through ARP entry refresh triggered by the RB module. · DELBYCFG—Manually deleted. · DELBYIPVRF—Deleted in bulk. · DELBYVSRP—Deleted by VSRP. · DELBYNODUMMY—Deleted due to lack of a DUMMY entry. · DELBYSMOOTH—Deleted upon ARP entry smoothing. · DELBYSMOOTHFILTER—Deleted through filtering in an ARP entry smooth operation. · DELCONFIGIPIF—Deleted upon an IPv6 address or interface conflict. · DELARPSYN—Deleted upon an inter-card ARP entry synchronization. · DELWADJMSG—Deleted upon deletion of the corresponding IPv4 adjacency entry from the WAN link adjacency table. · DELWADJIFMSG—Deleted by interface upon deletion of the corresponding IPv4 adjacency entry from the WAN link adjacency table. · DELWADJBI—Deleted upon reception of the entry deletion message sent from the WAN link adjacency table module to the link layer in the kernel. · DELWADJDUMMY—Deleted upon deletion of the corresponding DUMMY entry by the WAN link adjacency table module. · DELWADJIFEVENT—Deleted upon deletion of the corresponding IPv4 adjacency entry done by the WAN link adjacency table module in response to an interface event. · DELWADJALL—Deleted upon deletion of all IPv6 adjacency entries from the WAN link adjacency table. · DELWADJ—Deleted upon deletion of the corresponding IPv6 adjacency entry from the WAN link adjacency table. · DELWADJSAGE—Deleted upon deletion of the corresponding IPv6 adjacency entry that had aged out from the WAN link adjacency table. · DELWADJIFSYN—Deleted upon deletion of the corresponding IPv4 adjacency entry from the WAN link adjacency table in response to interface entry synchronization. · DELWADJSYNMSG—Deleted upon deletion of the corresponding IPv4 adjacency entry from the WAN link adjacency table in response to inter-card entry synchronization. · DELWADJSMOOTH—Deleted upon deletion of the corresponding IPv4 adjacency entry because of entry smoothing done by the WAN link adjacency table module. · DELWADJPULLFINISH—Deleted upon deletion of the corresponding IPv4 adjacency entry after the WAN link adjacency table module successfully obtained entries in bulk. · DELPORTLVLAN—Deleted upon removal of the port from the VLAN. · DELVLANMODCHG—Deleted upon VLAN mode change. · DELLIMIT—Deleted because the number of ARP entries has reached the limit. · DELARPBYOPIF—Deleted upon deletion of the interface. · DELARPVLANEVENT—Deleted upon a VLAN event. · DELARPSTATUS—Deleted upon ARP entry status change. · DELARPBYIPIF—Deleted by specify the IPv4 address or interface. · DELARPBYIFMAP—Deleted upon an interface mapping operation. · DELARPBYIFDOWN— Deleted because the interface went down. · DELARPBYIFAGG—Deleted because the interface was added to a link aggregation group. · DELARPBYNODE—Deleted upon deletion of ARP entries by slot. · DELARPBYALL—Deleted upon deletion of all ARP entries. · DELARPBYALLEM—Deleted upon deletion of all ARP entries from non-management interfaces. · DELARPBYPW—Deleted upon deletion of ARP entries from a PW. · DELARPBYPWVSI—Deleted upon deletion of ARP. entries done by PWVSI. · DELARPBYMACNOTIFY—Deleted upon reception of ARP entries from MAC. · DELARPBYRB—Deleted upon a RB action. · DELARPBYTCPKEEP—Deleted because of the topology change notification (TCN) flag. · DELARPBYSTATICFIX—Deleted upon conversion of a dynamic entry to a static entry. · DELBYPULLFINISH—Deleted upon a successful batch data pull. · DELSTATICCONFLICT—Deleted upon a static configuration conflict.
IP	IP address in the ARP entry.
Mac	MAC address in the ARP entry.
Interface	Name of the outgoing interface in the ARP entry.
SVLAN	Service provider VLAN.
CVLAN	Customer VLAN.
Time	Timestamp of log creation.

display arp safe-guard statistics

Use display arp safe-guard statistics to display ARP safe-guard statistics.

Syntax

display arp safe-guard statistics

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

Examples

# Display ARP safe-guard statistics.

<Sysname> display arp safe-guard statistics

ARP replies sent by the driver: 1234

ARP replies dropped by the driver: 100

Table 3 Command output

Field	Description
ARP replies sent by the driver	Number of ARP replies that the driver sent to the device.
ARP replies dropped by the driver	Number of illegal ARP replies that the driver dropped.

Related commands

arp safe-guard enable

reset arp safe-guard statistics

display arp timer aging

Use display arp timer aging to display the aging timer of dynamic ARP entries.

Syntax

display arp timer aging

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the aging timer of dynamic ARP entries.

<Sysname> display arp timer aging

Current ARP aging time is 20 minute(s)(default)

Related commands

arp timer aging

display arp user-ip-conflict record

Use display arp user-ip-conflict record to display user IP address conflict records.

Syntax

display arp user-ip-conflict record

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

Examples

# Display all user IP address conflict records.

<Sysname> display arp user-ip-conflict record

IP address: 10.1.1.1

System time: 2018-02-02 11:22:29

Conflict count: 1

Log suppress count: 0

Old interface: GigabitEthernet1/0/6

New interface: GigabitEthernet1/0/7

Old SVLAN/CVLAN: 100/2

New SVLAN/CVLAN: 100/2

Old MAC: 00e0-ca63-8141

New MAC: 00e0-ca63-8142

IP address: 10.1.1.2

System time: 2018-02-02 10:20:30

Conflict count: 1

Log suppress count: 0

Old interface: GigabitEthernet1/0/6

New interface: GigabitEthernet1/0/7

Old SVLAN/CVLAN: 100/--

New SVLAN/CVLAN: 100/--

Old MAC: 00e0-ca63-8141

New MAC: 00e0-ca63-8142

Table 4 Command output

Field	Description
IP address	IP address of a user.
System time	Time when the user IP address conflict occurred.
Conflict count	Number of times that conflicts for the IP address.
Log suppress count	Number of times that user IP address conflict logs are suppressed.
Old interface	Output interface in the old ARP entry.
New interface	Output interface in the new ARP entry.
Old SVLAN/CVLAN	ID of the outer VLAN or inner VLAN in the old ARP entry. This field displays hyphens (--) if the ARP entry does not belong to any outer VLAN or inner VLAN.
New SVLAN/CVLAN	ID of the outer VLAN or inner VLAN in the new ARP entry. This field displays hyphens (--) if the ARP entry does not belong to any outer VLAN or inner VLAN.
Old MAC	MAC address in the old ARP entry.
New MAC	MAC address in the new ARP entry.

‌

Related commands

arp user-ip-conflict record enable

display arp vpn-instance

Use display arp vpn-instance to display the ARP entries for a VPN instance.

Syntax

display arp vpn-instance vpn-instance-name [ count ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.

Usage guidelines

This command displays information about ARP entries for a VPN instance, including the IP address, MAC address, VLAN ID, output interface, entry type, and aging timer.

Examples

# Display ARP entries for VPN instance test.

<Sysname> display arp vpn-instance test

Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid

IP address MAC address VLAN/VSI name Interface Aging Type

20.1.1.1 00e0-fc00-0001 -- -- -- S

Related commands

arp static

reset arp

Use reset arp to clear ARP entries from the ARP table.

Syntax

reset arp { all | dynamic | interface interface-type interface-number | static }

Views

User view

Predefined user roles

network-admin

Parameters

all: Clears all ARP entries.

dynamic: Clears all dynamic ARP entries.

static: Clears all static ARP entries.

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command clears ARP entries on all interfaces.

Usage guidelines

CAUTION:

The reset arp command clears existing ARP entries on the device. It might cause external traffic unable to quickly reach the LAN users.

Examples

# Clear all static ARP entries.

<Sysname> reset arp static

This will delete all static entries. Continue? [Y/N]:

Related commands

arp static

display arp

reset arp safe-guard statistics

Use reset arp safe-guard statistics to clear ARP safe-guard statistics.

Syntax

reset arp safe-guard statistics all

Views

User view

Predefined user roles

network-admin

Parameters

all: Specifies all ARP safe-guard statistics.

Examples

# Clear ARP safe-guard statistics.

<Sysname> reset arp safe-guard statistics all

Related commands

arp safe-guard enable

display arp safe-guard statistics

Gratuitous ARP commands

arp ip-conflict log prompt

Use arp ip-conflict log prompt to enable IP conflict notification.

Use undo arp ip-conflict log prompt to restore the default.

Syntax

arp ip-conflict log prompt

undo arp ip-conflict log prompt

Default

IP conflict notification is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

By default, the device performs the following operations if it is using the sender IP address of a received ARP packet:

· Sends a gratuitous ARP request.

· Displays an error message after the device receives an ARP reply about the conflict.

You can use this command to enable the device to display error messages before sending a gratuitous ARP reply or request for conflict confirmation.

Examples

# Enable IP conflict notification on the device.

<Sysname> system-view

[Sysname] arp ip-conflict log prompt

arp send-gratuitous-arp

Use arp send-gratuitous-arp to enable periodic sending of gratuitous ARP packets on an interface.

Use undo arp send-gratuitous-arp to disable the interface from periodically sending gratuitous ARP packets.

Syntax

arp send-gratuitous-arp [ interval interval ]

undo arp send-gratuitous-arp

Default

Periodic sending of gratuitous ARP packets is disabled.

Views

Layer 3 Ethernet interface view

Layer 3 Ethernet subinterface view

Layer 3 aggregate interface view

Layer 3 aggregate subinterface view

VLAN interface view

Predefined user roles

network-admin

Parameters

interval interval: Specifies the sending interval in the range of 200 to 200000 milliseconds. The default value is 2000 milliseconds.

Usage guidelines

This feature takes effect on an interface only when the interface has an IP address and the data link layer state of the interface is up.

This feature can send gratuitous ARP requests only for a VRRP virtual IP address, or the sending interface's primary IP address or manually configured secondary IP address. The primary IP address can be configured manually or automatically, whereas the secondary IP address must be configured manually.

If you change the sending interval for gratuitous ARP packets, the configuration takes effect at the next sending interval.

The sending interval for gratuitous ARP packets might be much longer than the set interval when any of the following conditions exist:

· This feature is enabled on multiple interfaces.

· Each interface is configured with multiple secondary IP addresses.

· A small sending interval is configured in the preceding cases.

Examples

# Enable GigabitEthernet 1/0/6 to send gratuitous ARP packets every 300 milliseconds.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/6

[Sysname-GigabitEthernet1/0/6] arp send-gratuitous-arp interval 300

gratuitous-arp-learning enable

Use gratuitous-arp-learning enable to enable learning of gratuitous ARP packets.

Use undo gratuitous-arp-learning enable to disable learning of gratuitous ARP packets.

Syntax

gratuitous-arp-learning enable

undo gratuitous-arp-learning enable

Default

Learning of gratuitous ARP packets is enabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

The learning of gratuitous ARP packets feature allows a device to maintain its ARP table by creating or updating ARP entries based on received gratuitous ARP packets.

When this feature is disabled, the device uses received gratuitous ARP packets to update existing ARP entries only. ARP entries are not created based on the received gratuitous ARP packets, which saves ARP table space.

Examples

# Enable learning of gratuitous ARP packets.

<Sysname> system-view

[Sysname] gratuitous-arp-learning enable

gratuitous-arp-sending enable

Use gratuitous-arp-sending enable to enable sending gratuitous ARP packets upon receiving ARP requests whose sender IP address is on a different subnet.

Use undo gratuitous-arp-sending enable to disable sending gratuitous ARP packets upon receiving ARP requests whose sender IP address is on a different subnet.

Syntax

gratuitous-arp-sending enable

undo gratuitous-arp-sending enable

Default

A device does not send gratuitous ARP packets when it receives ARP requests whose sender IP address is on a different subnet.

Views

System view

Predefined user roles

network-admin

Examples

# Disable a device from sending gratuitous ARP packets upon receiving ARP requests whose sender IP address is on a different subnet.

<Sysname> system-view

[Sysname] undo gratuitous-arp-sending enable

gratuitous-arp mac-change retransmit

Use gratuitous-arp mac-change retransmit to set the times and the interval for retransmitting a gratuitous ARP packet for the device MAC address change.

Use undo gratuitous-arp mac-change retransmit to restore the default.

Syntax

gratuitous-arp mac-change retransmit times interval seconds

undo gratuitous-arp mac-change retransmit

Default

The device sends a gratuitous packet for its MAC address change once only.

Views

System view

Predefined user roles

network-admin

Parameters

times: Specifies the times of retransmitting a gratuitous packet, in the range of 1 to 10.

interval seconds: Specifies the interval for retransmitting a gratuitous packet, in the range of 1 to 10 seconds.

Usage guidelines

The device sends a gratuitous ARP packet to inform other devices of its MAC address change. However, the other devices might fail to receive the packet because the device sends the gratuitous ARP packet once only by default. Use this command to configure gratuitous ARP retransmission parameters to ensure that the other devices can receive the packet.

After you execute this command, the device will retransmit a gratuitous ARP packet for its MAC address change at the specified interval for the specified times.

Examples

# Set the times to 3 and the interval to 5 for retransmitting a gratuitous ARP packet for the device MAC address change.

<Sysname> system-view

[Sysname] gratuitous-arp mac-change retransmit 3 interval 5

Proxy ARP commands

display local-proxy-arp

Use display local-proxy-arp to display the local proxy ARP status.

Syntax

display local-proxy-arp [ interface interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the local proxy ARP status for all interfaces.

Usage guidelines

You can use this command to check whether local proxy ARP is enabled or disabled.

Examples

# Display the local proxy ARP status for GigabitEthernet 1/0/6.

<Sysname> display local-proxy-arp interface gigabitethernet 1/0/6

Interface GigabitEthernet1/0/6

Local Proxy ARP status: enabled

Related commands

local-proxy-arp enable

display proxy-arp

Use display proxy-arp to display the proxy ARP status.

Syntax

display proxy-arp [ interface interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the proxy ARP status for all interfaces.

Usage guidelines

You can use this command to check whether proxy ARP is enabled or disabled.

Examples

# Display the proxy ARP status on GigabitEthernet 1/0/6.

<Sysname> display proxy-arp interface gigabitethernet 1/0/6

Interface GigabitEthernet1/0/6

Proxy ARP status: disabled

Related commands

proxy-arp enable

Use proxy-arp enable to enable common proxy ARP.

Use undo proxy-arp enable to disable common proxy ARP.

Syntax

proxy-arp enable

undo proxy-arp enable

Default

Common proxy ARP is disabled.

Views

Layer 3 Ethernet interface view

Layer 3 Ethernet subinterface view

Layer 3 aggregate interface view

Layer 3 aggregate subinterface view

VLAN interface view

Predefined user roles

network-admin

Usage guidelines

Proxy ARP enables a device on a network to answer ARP requests for an IP address not on that network.

With proxy ARP, hosts in different broadcast domains can communicate with each other as they do on the same network. To allow communication between hosts that connect to different Layer 3 interfaces or Layer 3 subinterfaces and reside in different broadcast domains, enable common proxy ARP.

Examples

# Enable common proxy ARP on GigabitEthernet 1/0/6.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/6

[Sysname-GigabitEthernet1/0/6] proxy-arp enable

Related commands

display proxy-arp

ARP suppression commands

arp suppression enable

Use arp suppression enable to enable ARP suppression.

Use undo arp suppression enable to disable ARP suppression.

Syntax

arp suppression enable

undo arp suppression enable

Default

ARP suppression is disabled.

Views

Cross-connect view

Predefined user roles

network-admin

Usage guidelines

You must enable L2VPN before you enter cross-connect view.

Examples

# Enable ARP suppression for cross-connect 2 in cross-connect group 1.

<Sysname> system-view

[Sysname] xconnect-group 1

[Sysname-xcg-1] connection 2

[Sysname-xcg-1-2] arp suppression enable

Related commands

arp suppression push interval

Use arp suppression push interval to enable the ARP suppression push feature and set a push interval.

Use undo arp suppression push interval to disable the ARP suppression push feature.

Syntax

arp suppression push interval interval

undo arp suppression push interval

Default

The ARP suppression push feature is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

interval: Specifies a push interval for ARP suppression, in the range of 1 to 1440 minutes.

Usage guidelines

The ARP suppression push feature regularly pushes ARP suppression entries by broadcasting gratuitous ARP packets.

Examples

# Configure the device to push ARP suppression entries every 2 minutes.

<Sysname> system-view

[Sysname] arp suppression push interval 2

Related commands

arp suppression enable

display arp suppression xconnect-group

Use display arp suppression xconnect-group to display ARP suppression entries.

Syntax

display arp suppression xconnect-group [ name group-name ] [ count ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name group-name: Specifies a cross-connect group by its name, a case-sensitive string of 1 to 31 characters excluding hyphens (-). If you do not specify a cross-connect group, this command display ARP suppression entries for all cross-connect groups.

Examples

# Display ARP suppression entries for all cross-connect groups.

<Sysname> display arp suppression xconnect-group

IP address MAC address Xconnect-group Connection Aging

100.1.1.1 000c-29fe-5a8f vpna svc 12

100.1.1.2 000c-29fe-5aa3 vpna svc 25

# Display the total number of ARP suppression entries.

<Sysname> display arp suppression xconnect-group count

Total entries: 2

Table 5 Command output

Field	Description
IP address	IP address in the ARP suppression entry.
MAC address	MAC address in the ARP suppression entry.
Xconnect-group	Name of the cross-connect group to which the ARP suppression entry belongs.
Connection	Name of the cross-connect to which the ARP suppression entry belongs.
Aging	Aging time of the ARP suppression entry, in minutes.

Related commands

reset arp suppression xconnect-group

Use reset arp suppression xconnect-group to clear ARP suppression entries.

Syntax

reset arp suppression xconnect-group [ name group-name ]

Views

User view

Predefined user roles

network-admin

Parameters

name group-name: Specifies a cross-connect group by its name, a case-sensitive string of 1 to 31 characters excluding hyphens (-). If you do not specify a cross-connect group, this command clears ARP suppression entries for all cross-connect groups.

Examples

# Clear ARP suppression entries for all cross-connect groups.

<Sysname> reset arp suppression xconnect-group

Related commands

display arp suppression xconnect-group

ARP direct route advertisement commands

arp route-direct advertise

Use arp route-direct advertise to enable ARP direct route advertisement.

Use undo arp route-direct advertise to disable ARP direct route advertisement.

Syntax

arp route-direct advertise

undo arp route-direct advertise

Default

ARP direct route advertisement is disabled.

Views

System view

Layer 3 Ethernet interface view

Layer 3 Ethernet subinterface view

Layer 3 aggregate interface view

Layer 3 aggregate subinterface view

VPN instance view

Predefined user roles

network-admin

Usage guidelines

You can enable ARP direct route advertisement in different views.

· In system view, the feature takes effect on all interfaces on the public network.

· In interface view, the feature takes effect on the specified interface.

· In VPN instance view, the feature takes effect on all interfaces that belong to the VPN instance.

To disable ARP direct route advertisement on an interface, you must also disable ARP direct route advertisement in the VPN instance or the public network to which the interface belongs.

Examples

# Enable ARP direct route advertisement in system view.

<Sysname> system-view

[Sysname] arp route-direct advertise

# Enable ARP direct route advertisement on GigabitEthernet 1/0/6.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/6

[Sysname-GigabitEthernet1/0/6] arp route-direct advertise

# Enable ARP direct route advertisement in VPN instance vpna.

<Sysname> system-view

[Sysname] ip vpn-instance vpna

[Sysname-vpn-instance-vpna] arp route-direct advertise

04-Layer 3—IP Services Command Reference

arp safe-guard enable

arp timer aging

Application scenarios

Restrictions and guidelines

display arp entry-limit

display arp vpn-instance

reset arp

gratuitous-arp-learning enable

display local-proxy-arp

display proxy-arp

proxy-arp enable

ARP suppression commands

ARP direct route advertisement commands

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Policy & Program

Global Learning

Partner Sales Resources

Service Business

News & Events

Contact Us