Hp 5920 User manual

HP 5920 & 5900 Switch Series

Layer 3 - IP Services

Configuration Guide

Part number: 5998-2894

Software version: Release2207

Document version: 6W100-20121130

Legal and notice information

No part of this documentation may be reproduced or transmitted in any form or by any means without

prior written consent of Hewlett-Packard Development Company, L.P.

The information contained herein is subject to change without notice.

HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS

MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY

AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained

herein or for incidental or consequential damages in connection with the furnishing, performance, or

use of this material.

The only warranties for HP products and services are set forth in the express warranty statements

accompanying such products and services. Nothing herein should be construed as constituting an

additional warranty. HP shall not be liable for technical or editorial errors or omissions contained

herein.

i

Contents

Configuring ARP··························································································································································· 1

Overview············································································································································································1

ARP message format ················································································································································1

ARP operating mechanism ······································································································································1

ARP table···································································································································································2

Configuring a static ARP entry·········································································································································3

Configuring a multiport ARP entry···································································································································4

Configuring the maximum number of dynamic ARP entries ·························································································4

Setting the aging timer for dynamic ARP entries ···········································································································5

Enabling dynamic ARP entry check ································································································································5

Displaying and maintaining ARP·····································································································································6

Static ARP configuration example ···································································································································6

Network requirements··············································································································································6

Configuration procedure ·········································································································································7

Multiport ARP entry configuration example····················································································································7

Network requirements··············································································································································7

Configuration procedure ·········································································································································8

Configuring gratuitous ARP ·······································································································································10

Overview········································································································································································· 10

Gratuitous ARP packet learning··························································································································· 10

Periodic sending of gratuitous ARP packets ······································································································· 10

Configuration procedure··············································································································································· 11

Configuring proxy ARP··············································································································································12

Enabling common proxy ARP ······································································································································· 12

Enabling local proxy ARP·············································································································································· 12

Displaying proxy ARP···················································································································································· 12

Common proxy ARP configuration example··············································································································· 13

Network requirements··········································································································································· 13

Configuration procedure ······································································································································ 13

Configuring ARP snooping········································································································································14

Configuration procedure··············································································································································· 14

Displaying and maintaining ARP snooping ················································································································ 14

Configuring IP addressing·········································································································································15

Overview········································································································································································· 15

IP address classes·················································································································································· 15

Special IP addresses ············································································································································· 16

Subnetting and masking ······································································································································· 16

Assigning an IP address to an interface ······················································································································ 17

Configuration guidelines ······································································································································ 17

Configuration procedure ······································································································································ 17

Configuring IP unnumbered ·········································································································································· 17

Configuration guidelines ······································································································································ 17

Configuration prerequisites ·································································································································· 18

Configuration procedure ······································································································································ 18

Displaying and maintaining IP addressing ················································································································· 18

IP address configuration example ································································································································ 18

Network requirements··········································································································································· 18

ii

Configuration procedure ······································································································································ 19

Verifying the configuration··································································································································· 19

DHCP overview ··························································································································································21

DHCP address allocation ·············································································································································· 21

Allocation mechanisms ········································································································································· 21

Dynamic IP address allocation process··············································································································· 22

IP address lease extension···································································································································· 22

DHCP message format··················································································································································· 23

DHCP options ································································································································································· 24

Common DHCP options········································································································································ 24

Custom DHCP options··········································································································································· 24

Protocols and standards ················································································································································ 26

Configuring the DHCP server····································································································································27

Overview········································································································································································· 27

DHCP address pool··············································································································································· 27

IP address allocation sequence···························································································································· 28

DHCP server configuration task list ······························································································································ 29

Configuring an address pool on the DHCP server····································································································· 29

Configuration task list ··········································································································································· 29

Creating a DHCP address pool··························································································································· 30

Specifying IP address ranges for a DHCP address pool ·················································································· 30

Configuring gateways for the client ···················································································································· 33

Configuring a domain name suffix for the client ······························································································· 34

Configuring DNS servers for the client ··············································································································· 34

Configuring WINS servers and NetBIOS node type for the client ·································································· 34

Configuring BIMS server information for the client···························································································· 35

Configuring the TFTP server and boot file name for the client ········································································· 35

Specifying a server for the DHCP client·············································································································· 36

Configuring Option 184 parameters for the client···························································································· 36

Configuring self-defined DHCP options ·············································································································· 37

Enabling DHCP ······························································································································································ 38

Enabling the DHCP server on an interface·················································································································· 38

Applying an address pool on an interface ················································································································· 38

Configuring IP address conflict detection···················································································································· 39

Enabling handling of Option 82·································································································································· 39

Configuring DHCP server compatibility······················································································································· 40

Configuring the DHCP server to broadcast all responses················································································· 40

Configure the DHCP server to ignore BOOTP requests ···················································································· 40

Configuring the DHCP server to send BOOTP responses in the format specified in RFC 1048 ·················· 40

Displaying and maintaining the DHCP server ············································································································ 41

DHCP server configuration examples ·························································································································· 41

Static IP address assignment configuration example························································································· 42

Dynamic IP address assignment configuration example··················································································· 43

DHCP user class configuration example············································································································· 44

Self-defined option configuration example········································································································· 46

Troubleshooting DHCP server configuration ··············································································································· 46

Symptom································································································································································· 46

Analysis ·································································································································································· 47

Solution··································································································································································· 47

Configuring the DHCP relay agent···························································································································48

Overview········································································································································································· 48

Operation······························································································································································· 48

DHCP relay agent support for Option 82 ·········································································································· 49

iii

DHCP relay agent configuration task list····················································································································· 49

Enabling DHCP ······························································································································································ 50

Enabling the DHCP relay agent on an interface ········································································································ 50

Specifying DHCP servers on a relay agent················································································································· 50

Configuring the DHCP relay agent security functions ································································································ 51

Enabling the DHCP relay agent to record relay entries ···················································································· 51

Enabling periodic refresh of dynamic relay entries··························································································· 51

Enabling DHCP starvation attack protection ······································································································ 52

Configuring the DHCP relay agent to release an IP address ···················································································· 52

Configuring Option 82 ················································································································································· 53

Displaying and maintaining the DHCP relay agent ··································································································· 53

DHCP relay agent configuration examples················································································································· 54

DHCP relay agent configuration example·········································································································· 54

Option 82 configuration example······················································································································· 55

Troubleshooting DHCP relay agent configuration······································································································ 55

Symptom································································································································································· 55

Analysis ·································································································································································· 55

Solution··································································································································································· 56

Configuring the DHCP client ·····································································································································57

Enabling the DHCP client on an interface··················································································································· 57

Configuring a DHCP client ID for an interface ··········································································································· 57

Enabling duplicated address detection ······················································································································· 58

Displaying and maintaining the DHCP client·············································································································· 58

DHCP client configuration example ····························································································································· 58

Network requirements··········································································································································· 58

Configuration procedure ······································································································································ 59

Verifying the configuration··································································································································· 60

Configuring DHCP snooping·····································································································································61

Overview········································································································································································· 61

Application of trusted and untrusted ports·········································································································· 61

DHCP snooping support for Option 82·············································································································· 62

DHCP snooping configuration task list ························································································································ 63

Configuring basic DHCP snooping······························································································································ 63

Configuring Option 82 ················································································································································· 64

Saving DHCP snooping entries ···································································································································· 65

Enabling DHCP starvation attack protection ··············································································································· 66

Enabling DHCP-REQUEST attack protection ··············································································································· 66

Configuring DHCP packet rate limit····························································································································· 67

Displaying and maintaining DHCP snooping ············································································································· 67

DHCP snooping configuration examples····················································································································· 68

Basic DHCP snooping configuration example ··································································································· 68

Option 82 configuration example······················································································································· 69

Configuring the BOOTP client···································································································································71

BOOTP application························································································································································ 71

Obtaining an IP address dynamically ························································································································· 71

Protocols and standards ················································································································································ 71

Configuring an interface to use BOOTP for IP address acquisition·········································································· 71

Displaying and maintaining BOOTP client ················································································································· 72

BOOTP client configuration example ·························································································································· 72

Network requirements··········································································································································· 72

Configuration procedure ······································································································································ 72

iv

Configuring DNS ·······················································································································································73

Overview········································································································································································· 73

Static domain name resolution····························································································································· 73

Dynamic domain name resolution······················································································································· 73

DNS proxy ····························································································································································· 74

DNS spoofing ························································································································································ 75

DNS configuration task list············································································································································ 76

Configuring the IPv4 DNS client ·································································································································· 76

Configuring static domain name resolution········································································································ 76

Configuring dynamic domain name resolution·································································································· 77

Configuring the IPv6 DNS client ·································································································································· 77

Configuring static domain name resolution········································································································ 77

Configuring dynamic domain name resolution·································································································· 78

Configuring the DNS proxy ·········································································································································· 79

Configuring DNS spoofing ··········································································································································· 79

Specifying the source interface for DNS packets ······································································································· 80

Configuring the DNS trusted interface················································································································ 80

Displaying and maintaining IPv4 DNS························································································································ 81

IPv4 DNS configuration examples ······························································································································· 81

Static domain name resolution configuration example ····················································································· 81

Dynamic domain name resolution configuration example ··············································································· 82

DNS proxy configuration example······················································································································ 84

IPv6 DNS configuration examples ······························································································································· 86

Static domain name resolution configuration example ····················································································· 86

Dynamic domain name resolution configuration example ··············································································· 86

DNS proxy configuration example······················································································································ 91

Troubleshooting IPv4 DNS configuration ···················································································································· 92

Symptom································································································································································· 92

Solution··································································································································································· 92

Troubleshooting IPv6 DNS configuration ···················································································································· 92

Symptom································································································································································· 92

Solution··································································································································································· 92

Configuring DDNS·····················································································································································93

Overview········································································································································································· 93

DDNS application ················································································································································· 93

DDNS client configuration task list······························································································································· 94

Configuring a DDNS policy·········································································································································· 94

Configuration prerequisites ·································································································································· 95

Configuration procedure ······································································································································ 95

Applying the DDNS policy to an interface·················································································································· 96

Displaying DDNS··························································································································································· 97

DDNS configuration examples ····································································································································· 97

DDNS configuration example 1 ·························································································································· 97

DDNS configuration example 2 ·························································································································· 98

Basic IP forwarding on the device ························································································································· 100

FIB table ········································································································································································100

Displaying FIB table entries·········································································································································100

Optimizing IP performance ···································································································································· 102

Enabling an interface to receive and forward directed broadcasts destined for the directly connected network

·······················································································································································································102

Configuration procedure ····································································································································102

Configuration example ·······································································································································102

Configuring MTU for an interface ······························································································································103

v

Configuring TCP MSS for an interface ······················································································································103

Configuring TCP path MTU discovery ·······················································································································104

Enabling TCP SYN Cookie··········································································································································105

Configuring the TCP buffer size··································································································································105

Configuring TCP timers················································································································································105

Enabling sending ICMP error packets ·······················································································································106

Functions of sending ICMP error packets ·········································································································106

Disadvantages of sending ICMP error packets································································································107

Configuration procedure ····································································································································107

Disabling forwarding ICMP fragments ······················································································································108

Displaying and maintaining IP performance optimization ······················································································108

Configuring UDP helper·········································································································································· 109

Overview·······································································································································································109

Configuration guidelines ·············································································································································109

Configuration procedure·············································································································································109

Displaying and maintaining UDP helper ···················································································································110

UDP helper configuration example ····························································································································110

Network requirements·········································································································································110

Configuration procedure ····································································································································110

Verifying the configuration·································································································································111

Configuring basic IPv6 settings······························································································································ 112

Overview·······································································································································································112

IPv6 features·························································································································································112

IPv6 addresses·····················································································································································113

IPv6 ND protocol·················································································································································115

IPv6 path MTU discovery····································································································································117

IPv6 transition technologies·········································································································································118

Dual stack·····························································································································································118

Tunneling······························································································································································118

Protocols and standards ··············································································································································118

IPv6 basics configuration task list·······························································································································119

Assigning IPv6 addresses to interfaces······················································································································119

Configuring an IPv6 global unicast address ····································································································120

Configuring an IPv6 link-local address ·············································································································120

Configuring an IPv6 anycast address ···············································································································121

Configuring IPv6 ND ···················································································································································122

Configuring a static neighbor entry ··················································································································122

Configuring the maximum number of neighbors dynamically learned ·························································122

Setting the aging timer for ND entries in stale state························································································123

Minimizing link-local ND entries························································································································123

Setting the hop limit ············································································································································123

Configuring parameters for RA messages········································································································124

Configuring the maximum number of attempts to send an NS message for DAD·······································126

Configuring path MTU discovery ·······························································································································126

Configuring the interface MTU ··························································································································126

Configuring a static path MTU for a specific IPv6 address ············································································127

Configuring the aging time for dynamic path MTUs·······················································································127

Controlling sending ICMPv6 packets·························································································································127

Enabling replying to multicast echo requests ···································································································127

Enabling sending ICMPv6 destination unreachable messages······································································128

Enabling sending ICMPv6 time exceeded messages ······················································································128

Enabling sending ICMPv6 redirect messages ··································································································129

Displaying and maintaining IPv6 basics ···················································································································129

vi

IPv6 basics configuration example ····························································································································130

Network requirements·········································································································································130

Configuration procedure ····································································································································131

Verifying the configuration·································································································································131

Troubleshooting IPv6 basics configuration················································································································135

Symptom·······························································································································································135

Solution·································································································································································135

DHCPv6 overview··················································································································································· 136

DHCPv6 address/prefix assignment··························································································································136

Rapid assignment involving two messages·······································································································136

Assignment involving four messages·················································································································136

Address/prefix lease renewal ····································································································································137

Stateless DHCPv6·························································································································································138

Protocols and standards ··············································································································································138

Configuring the DHCPv6 server····························································································································· 139

Overview·······································································································································································139

IPv6 address assignment ····································································································································139

IPv6 prefix assignment········································································································································139

Concepts·······························································································································································140

DHCPv6 address pool ········································································································································141

IPv6 address/prefix allocation sequence ·········································································································142

Configuration task list ··················································································································································142

Configuring IPv6 prefix assignment ···························································································································142

Configuration guidelines ····································································································································142

Configuration procedure ····································································································································143

Configuring IPv6 address assignment························································································································143

Configuration guidelines ····································································································································144

Configuration procedure ····································································································································144

Configuring network parameters assignment ···········································································································145

Configuring the DHCPv6 server on an interface ······································································································146

Configuration guidelines ····································································································································146

Configuration procedure ····································································································································146

Displaying and maintaining the DHCPv6 server ······································································································146

DHCPv6 server configuration examples····················································································································147

Dynamic IPv6 prefix assignment configuration example ················································································147

Dynamic IPv6 address assignment configuration example·············································································150

Configuring tunneling ············································································································································· 152

Overview·······································································································································································152

IPv6 over IPv4 tunneling ·····································································································································152

IPv4 over IPv4 tunneling ·····································································································································154

IPv4 over IPv6 tunneling ·····································································································································155

IPv6 over IPv6 tunneling ·····································································································································156

Protocols and standards ·····································································································································157

Tunneling configuration task list ·································································································································157

Configuring a tunnel interface····································································································································157

Configuring an IPv6 over IPv4 manual tunnel···········································································································158

Configuration example ·······································································································································159

Configuring a 6to4 tunnel···········································································································································161

6to4 tunnel configuration example ···················································································································162

Configuring an ISATAP tunnel ····································································································································164

Configuration example ·······································································································································165

Configuring an IPv4 over IPv4 tunnel ························································································································167

Configuration example ·······································································································································168

vii

Configuring an IPv4 over IPv6 tunnel ························································································································170

Configuration example ·······································································································································171

Configuring an IPv6 over IPv6 tunnel ························································································································173

Configuration example ·······································································································································175

Displaying and maintaining tunneling configuration ·······························································································177

Troubleshooting tunneling configuration ···················································································································177

Symptom·······························································································································································177

Analysis ································································································································································177

Solution·································································································································································177

Configuring GRE····················································································································································· 178

Overview·······································································································································································178

GRE encapsulation format··································································································································178

GRE encapsulation and de-encapsulation ········································································································179

Protocols and standards ·····································································································································179

Configuring a GRE over IPv4 tunnel ··························································································································179

Configuration prerequisites ································································································································180

Configuration procedure ····································································································································180

Configuring a GRE over IPv6 tunnel ··························································································································182

Configuration prerequisites ································································································································182

Configuration procedure ····································································································································182

Displaying and maintaining GRE·······························································································································183

GRE configuration examples ······································································································································184

GRE over IPv4 configuration example ··············································································································184

GRE over IPv6 configuration example ··············································································································187

Troubleshooting GRE ···················································································································································190

Support and other resources ·································································································································· 191

Contacting HP ······························································································································································191

Subscription service ············································································································································191

Related information······················································································································································191

Documents····························································································································································191

Websites·······························································································································································191

Conventions ··································································································································································192

Index ········································································································································································ 194

1

Configuring ARP

This chapter describes how to configure the Address Resolution Protocol (ARP).

Overview

ARP resolves IP addresses into MAC addresses on Ethernet networks.

ARP message format

ARP uses two types of messages: ARP request and ARP reply. Figure 1 shows the format of ARP

request/reply messages. Numbers in the figure refer to field lengths.

Figure 1 ARP message format

•Hardware type—Hardware address type. The value 1 represents Ethernet.

•Protocol type—Type of the protocol address to be mapped. The hexadecimal value 0x0800

represents IP.

•Hardware address length and protocol address length—Length, in bytes, of a hardware address

and a protocol address. For an Ethernet address, the value of the hardware address length field is

6. For an IPv4 address, the value of the protocol address length field is 4.

•OP—Operation code, which describes the type of ARP message. Value 1 represents an ARP request,

and value 2 represents an ARP reply.

•Sender hardware address—Hardware address of the device sending the message.

•Sender protocol address—Protocol address of the device sending the message.

•Target hardware address—Hardware address of the device to which the message is being sent.

•Target protocol address—Protocol address of the device to which the message is being sent.

ARP operating mechanism

As shown in Figure 2, Host A and Host B are on the same subnet. Host A sends a packet to Host B as

follows:

1. Host A looks through the ARP table for an ARP entry for Host B. If one entry is found, Host A uses

the MAC address in the entry to encapsulate the IP packet into a data link layer frame. Then Host

A sends the frame to Host B.

2

2. If Host A finds no entry for Host B, Host A buffers the packet and broadcasts an ARP request. The

payload of the ARP request comprises the following information:

{Sender IP address and sender MAC address—Host A's IP address and MAC address

{Target IP address—Host B's IP address

{Target MAC address—An all-zero MAC address

All hosts on this subnet can receive the broadcast request, but only the requested host (Host B)

processes the request.

3. Host B compares its own IP address with the target IP address in the ARP request. If they are the

same, Host B:

a. Adds the sender IP address and sender MAC address into its ARP table.

b. Encapsulates its MAC address into an ARP reply.

c. Unicasts the ARP reply to Host A.

4. After receiving the ARP reply, Host A:

a. Adds the MAC address of Host B into its ARP table.

b. Encapsulates the MAC address into the packet and sends the packet to Host B.

Figure 2 ARP address resolution process

If Host A and Host B are on different subnets, Host A sends a packet to Host B as follows:

1. Host A broadcasts an ARP request where the target IP address is the IP address of the gateway.

2. The gateway responds with its MAC address in an ARP reply to Host A.

3. Host A uses the gateway's MAC address to encapsulate the packet, and then sends the packet to

the gateway.

4. If the gateway has an ARP entry for Host B, it forwards the packet to Host B directly. If not, the

gateway broadcasts an ARP request, in which the target IP address is the IP address of Host B.

5. After the gateway gets the MAC address of Host B, it sends the packet to Host B.

ARP table

An ARP table stores dynamic and static ARP entries.

Dynamic ARP entry

ARP automatically creates and updates dynamic entries. A dynamic ARP entry is removed when its aging

timer expires or the output interface goes down. In addition, a dynamic ARP entry can be overwritten by

a static ARP entry.

3

Static ARP entry

A static ARP entry is manually configured and maintained. It does not age out and cannot be overwritten

by any dynamic ARP entry.

Static ARP entries protect communication between devices because attack packets cannot modify the

IP-to-MAC mapping in a static ARP entry.

Static ARP entries include long, short, and multiport ARP entries.

•A long static ARP entry comprises the IP address, MAC address, VLAN, and output interface. It is

directly used for forwarding packets.

•A short static ARP entry comprises only the IP address and MAC address. The device first sends an

ARP request whose target IP address is the IP address of the short entry. If the sender IP and MAC

addresses in the received ARP reply match the IP and MAC addresses of the short static ARP entry,

the device adds the interface that received the ARP reply to the short static ARP entry, and uses the

resolved short static ARP entry to forward IP packets.

•A multiport ARP entry comprises the IP address, MAC address, and VLAN. If a multiport ARP entry

has the same MAC address and VLAN as a multicast or multiport unicast MAC address entry, the

device can use the multiport ARP entry to send IP packets. A multiport ARP entry is manually

configured. It does not age out and cannot be overwritten by any dynamic ARP entry. For more

information about multicast MAC, see IP Multicast Configuration Guide.

To communicate with a host by using a fixed IP-to-MAC mapping, configure a short static ARP entry on

the device. To communicate with a host by using a fixed IP-to-MAC mapping through a specific interface

in a specific VLAN, configure a long static ARP entry on the device.

Configuring a static ARP entry

A static ARP entry is effective when the device works normally. If a VLAN or VLAN interface is deleted,

any long static ARP entry in the VLAN is deleted, and any resolved short static ARP entry in the VLAN

becomes unresolved.

A resolved short static ARP entry becomes unresolved upon certain events. For example, it becomes

unresolved when the resolved output interface goes down.

A long static ARP entry is ineffective if the IP address in the entry conflicts with a local IP address, or no

local interface has an IP address in the same subnet as the IP address in the ARP entry. An ineffective long

static ARP entry cannot be used to forward packets.

Follow these guidelines when you configure a static ARP entry:

•The vlan-id argument must be the ID of an existing VLAN where the ARP entry resides. The specified

Ethernet interface must belong to that VLAN. The VLAN interface of the VLAN must be created.

•The IP address of the VLAN interface of the VLAN specified by the vlan-id argument must belong to

the same subnet as the IP address specified by the ip-address argument.

To configure a static ARP entry:

Step Command Remarks

1. Enter system view. system-view N/A

4

Step Command Remarks

2. Configure a static ARP

entry.

•Configure a long static ARP entry:

arp static ip-address mac-address

vlan-id interface-type interface-number

[ vpn-instance vpn-instance-name ]

•Configure a short static ARP entry:

arp static ip-address mac-address

[ vpn-instance vpn-instance-name ]

Use either command.

By default, no static ARP entry is

configured.

Configuring a multiport ARP entry

A multiport ARP entry comprises an IP address, MAC address, and VLAN ID. To use the multiport ARP

entry, you must also configure a multicast or multiport unicast MAC address entry that has the same MAC

address and VLAN ID as the multiport ARP entry to specify multiple output interfaces. In addition, the IP

address in the multiport ARP entry must reside on the same subnet as the virtual interface of the specified

VLAN (VLAN interface). Otherwise, the multiport ARP entry does not take effect. For more information

about multiport unicast MAC addresses, see the mac-address multiport command in Layer 2—LAN

Switching Command Reference. For more information about multicast MAC addresses, see the

mac-address multicast command in IP Multicast Command Reference.

A multiport ARP entry can overwrite a dynamic, short static or long static ARP entry. A short static or long

static ARP entry can also overwrite a multiport ARP entry.

To configure a multiport ARP entry:

Step Command Remarks

1. Enter system view. system-view N/A

2. Configure a multicast or

multiport unicast MAC

address entry.

•Configure a multiport unicast MAC

address entry:

mac-address multiport mac-address

interface interface-list vlan vlan-id

•Configure a multicast MAC address

entry:

mac-address multicast mac-address

interface interface-list vlan vlan-id

Use either command.

By default, no multicast or

multiport unicast MAC address

entries are configured.

3. Configure a multiport ARP

entry.

arp multiport ip-address mac-address

vlan-id [ vpn-instance

vpn-instance-name ]

By default, no multiport ARP

entries are configured.

Configuring the maximum number of dynamic ARP

entries

An interface can dynamically learn ARP entries. To prevent an interface from holding too many ARP

entries, you can set the maximum number of dynamic ARP entries that the interface can learn. When the

maximum number is reached, the interface stops learning ARP entries.

5

The Layer-2 interface can learn an ARP entry only when both its maximum number and the VLAN

interface's maximum number are not reached.

To set the maximum number of dynamic ARP entries that an interface can learn:

Step Command Remarks

1. Enter system view. system-view N/A

2. Enter interface view. interface interface-type

interface-number N/A

3. Set the maximum number of

dynamic ARP entries. arp max-learning-num number

By default, an interface can learn a

maximum of 16384 dynamic ARP

entries.

If the value of the number argument is set

to 0, the interface is disabled from

learning dynamic ARP entries.

Setting the aging timer for dynamic ARP entries

Each dynamic ARP entry in the ARP table has a limited lifetime, called aging timer. The aging timer of a

dynamic ARP entry is reset each time the dynamic ARP entry is updated. A dynamic ARP entry that is not

updated before its aging timer expires is deleted from the ARP table.

To set the aging timer for dynamic ARP entries:

Step Command Remarks

1. Enter system view. system-view N/A

2. Set the aging timer for dynamic ARP

entries. arp timer aging aging-time By default, the aging time for

dynamic ARP entries is 20 minutes.

Enabling dynamic ARP entry check

The dynamic ARP entry check function controls whether the device supports dynamic ARP entries

containing multicast MAC addresses.

When dynamic ARP entry check is enabled, the device cannot learn dynamic ARP entries containing

multicast MAC addresses, and you cannot manually add static ARP entries containing multicast MAC

addresses.

When dynamic ARP entry check is disabled, the device can learn dynamic ARP entries containing

multicast MAC addresses obtained from the ARP packets sourced from a unicast MAC address. You can

also manually add static ARP entries containing multicast MAC addresses.

To enable dynamic ARP entry check:

Step Command Remarks

1. Enter system view. system-view N/A

2. Enable dynamic ARP entry check.

arp check enable By default, dynamic ARP entry check is

enabled.

6

Displaying and maintaining ARP

IMPORTANT:

Clearing ARP entries from the ARP table might cause communication failures. Make sure the entries to be

cleared do not affect current communications.

Execute display commands in any view and reset commands in user view.

Task Command

Display ARP entries.

display arp [ [ all | dynamic | multiport | static ] [ slot

slot-number ] | vlan vlan-id | interface interface-type

interface-number ] [ count | verbose ]

Display the ARP entry for a specific IP

address. display arp ip-address [slot slot-number ] [ verbose ]

Display the ARP entries for a specific VPN

instance. display arp vpn-instance vpn-instance-name [ count ]

Display the aging timer for dynamic ARP

entries. display arp timer aging

Clear ARP entries from the ARP table. reset arp { all | dynamic | interface interface-type

interface-number |multiport | slot slot-number | static }

Static ARP configuration example

Network requirements

As shown in Figure 3, hosts are connected to the switch, which is connected to the router through

interface Ten-GigabitEthernet 1/0/1 in VLAN 10.

To ensure secure communications between the router and switch, configure a static ARP entry for the

router on the switch.

7

Figure 3 Network diagram

Configuration procedure

# Create VLAN 10.

<Switch> system-view

[Switch] vlan 10

[Switch-vlan10] quit

# Add interface Ten-GigabitEthernet 1/0/1 to VLAN 10.

[Switch] interface Ten-GigabitEthernet 1/0/1

[Switch-Ten-GigabitEthernet1/0/1] port access vlan 10

[Switch-Ten-GigabitEthernet1/0/1] quit

# Create VLAN-interface 10 and configure its IP address.

[Switch] interface vlan-interface 10

[Switch-vlan-interface10] ip address 192.168.1.2 8

[Switch-vlan-interface10] quit

# Configure a static ARP entry that has IP address 192.168.1.1, MAC address 00e0-fc01-0000, and

output interface Ten-GigabitEthernet 1/0/1 in VLAN 10.

[Switch] arp static 192.168.1.1 00e0-fc01-0000 10 Ten-GigabitEthernet 1/0/1

# Display information about static ARP entries.

[Switch] display arp static

Type: S-Static D-Dynamic M-Multiport I-Invalid

IP Address MAC Address VLAN ID Interface Aging Type

192.168.1.1 00e0-fc01-0000 10 XGE1/0/1 N/A S

Multiport ARP entry configuration example

Network requirements

As shown in Figure 4, a switch connects to three servers through interfaces Ten-GigabitEthernet 1/0/1,

Ten-GigabitEthernet 1/0/2, and Ten-GigabitEthernet 1/0/3 in VLAN 10. The servers share the IP

address 192.168.1.1/24 and MAC address 00e0-fc01-0000.

8

Configure a multiport ARP entry to send IP packets with destination IP address 192.168.1.1 to the three

servers.

Figure 4 Network diagram

Configuration procedure

# Create VLAN 10.

<Switch> system-view

[Switch] vlan 10

[Switch-vlan10] quit

# Add Ten-GigabitEthernet 1/0/1, Ten-GigabitEthernet 1/0/2, and Ten-GigabitEthernet 1/0/3 to

VLAN 10.

[Switch] interface Ten-GigabitEthernet 1/0/1

[Switch-Ten-GigabitEthernet1/0/1] port access vlan 10

[Switch-Ten-GigabitEthernet1/0/1] quit

[Switch] interface Ten-GigabitEthernet 1/0/2

[Switch-Ten-GigabitEthernet1/0/2] port access vlan 10

[Switch-Ten-GigabitEthernet1/0/2] quit

[Switch] interface Ten-GigabitEthernet 1/0/3

[Switch-Ten-GigabitEthernet1/0/3] port access vlan 10

[Switch-Ten-GigabitEthernet1/0/3] quit

# Create VLAN-interface 10 and specify its IP address.

[Switch] interface vlan-interface 10

[Switch-vlan-interface10] ip address 192.168.1.2 24

[Switch-vlan-interface10] quit

# Configure a multiport unicast MAC address entry that has MAC address 00e0-fc01-0000, and output

interfaces Ten-GigabitEthernet 1/0/1, Ten-GigabitEthernet 1/0/2, and Ten-GigabitEthernet 1/0/3 in

VLAN 10.

[Switch] mac-address multiport 00e0-fc01-0000 interface Ten-GigabitEthernet 1/0/1 to

Ten-GigabitEthernet 1/0/3 vlan 10

# Configure a multiport ARP entry with IP address 192.168.1.1 and MAC address 00e0-fc01-0000.

[Switch] arp multiport 192.168.1.1 00e0-fc01-0000 10



Swtich

XGE1/0/1 XGE1/0/3

XGE1/0/2

Server group

192.168.1.1/24

00e0-fc01-0000

Server ServerServer

9

# Display ARP information.

[Switch] display arp

Type: S-Static D-Dynamic M-Multiport I-Invalid

IP Address MAC Address VLAN Interface Aging Type

192.168.1.1 00e0-fc01-0000 10 N/A N/A M

10

Configuring gratuitous ARP

Overview

In a gratuitous ARP packet, the sender IP address and the target IP address are the IP address of the

sending device.

A device sends a gratuitous ARP packet for either of the following purposes:

•Determine whether its IP address is already used by another device. If the IP address is already used,

the device is informed of the conflict by an ARP reply.

•Inform other devices of a MAC address change.

Gratuitous ARP packet learning

This feature enables a device to create or update ARP entries by using the sender IP and MAC addresses

in received gratuitous ARP packets.

When this feature is disabled, the device uses received gratuitous ARP packets to update existing ARP

entries only.

Periodic sending of gratuitous ARP packets

Enabling a device to periodically send gratuitous ARP packets helps downstream devices update ARP

entries or MAC entries in a timely manner. This feature can be used to prevent gateway spoofing, prevent

ARP entries from aging out, and prevent the virtual IP address of a VRRP group from being used by a host.

•Prevent gateway spoofing.

An attacker can use the gateway address to send gratuitous ARP packets to the hosts on a network,

so that the traffic destined for the gateway from the hosts is sent to the attacker instead. As a result,

the hosts cannot access the external network.

To prevent such gateway spoofing attacks, you can enable the gateway to send gratuitous ARP

packets containing its primary IP address and manually configured secondary IP addresses at a

specific interval, so hosts can learn correct gateway address information.

•Prevent ARP entries from aging out.

If network traffic is heavy or if the host CPU usage is high, received ARP packets can be discarded

or are not promptly processed. Eventually, the dynamic ARP entries on the receiving host age out

and the traffic between the host and the corresponding devices is interrupted until the host

re-creates the ARP entries.

To prevent this problem, you can enable the gateway to send gratuitous ARP packets periodically.

The gratuitous ARP packets contain the gateway's primary IP address or one of its manually

configured secondary IP addresses, so the receiving hosts can update ARP entries in time.

•Prevent the virtual IP address of a VRRP group from being used by a host.

The master router of a VRRP group can periodically send gratuitous ARP packets to the hosts on the

local network, so that the hosts can update local ARP entries and avoid using the virtual IP address

of the VRRP group. For more information about VRRP, see High Availability Configuration Guide.

11

{If the virtual IP address of the VRRP group is associated with a virtual MAC address, the sender

MAC address in the gratuitous ARP packet is the virtual MAC address of the virtual router.

{If the virtual IP address of the VRRP group is associated with the real MAC address of an

interface, the sender MAC address in the gratuitous ARP packet is the MAC address of the

interface on the master router in the VRRP group.

Configuration procedure

The following conditions apply to the gratuitous ARP configuration:

•You can enable periodic sending of gratuitous ARP packets on up to 1024 interfaces.

•Periodic sending of gratuitous ARP packets takes effect only when the link of the enabled interface

goes up and an IP address has been assigned to the interface.

•If you change the interval for sending gratuitous ARP packets, the configuration is effective at the

next sending interval.

•The frequency of sending gratuitous ARP packets may be much lower than the sending interval set

by the user in any of the following circumstances:

{This function is enabled on multiple interfaces.

{Each interface is configured with multiple secondary IP addresses.

{A small sending interval is configured when the previous two conditions exist.

To configure gratuitous ARP:

Step Command Remarks

1. Enter system view. system-view N/A

2. Enable learning of gratuitous

ARP packets. gratuitous-arp-learning enable By default, learning of gratuitous

ARP packets is enabled.

3. Enable the device to send

gratuitous ARP packets upon

receiving ARP requests whose

sender IP address belongs to

a different subnet.

gratuitous-arp-sending enable

By default, a device does not send

gratuitous ARP packets upon

receiving ARP requests whose

sender IP address belongs to a

different subnet.

4. Enter interface view. interface interface-type

interface-number N/A

5. Enable periodic sending of

gratuitous ARP packets and

set the sending interval.

arp send-gratuitous-arp [ interval

milliseconds ]

By default, periodic sending of

gratuitous ARP packets is disabled.

HP 5920 User manual

Popular Network Router manuals by other brands