Configuring arp snooping, Configuration procedure, Displaying and maintaining arp snooping – H3C Technologies H3C S12500 Series Switches User Manual
Page 29
16
3B
Configuring ARP snooping
ARP snooping is used in Layer 2 switching networks. It creates ARP snooping entries by using information
in ARP packets. ARP fast-reply and manual-mode MFF (MAC–Forced Forwarding) can use the ARP
snooping entries.
If you enable ARP snooping on a VLAN, ARP packets received by any interface in the VLAN are
redirected to the CPU. The CPU uses the sender IP and MAC addresses of the ARP packets, and receiving
VLAN and port to create ARP snooping entries.
The aging time and valid period of an ARP snooping entry are 25 minutes and 15 minutes. If an ARP
snooping entry is not updated in 15 minutes, it becomes invalid and cannot be used. After that, if an ARP
packet matching the entry is received, the entry becomes valid, and its aging timer restarts. If the aging
timer of an ARP entry expires, the entry is removed.
If the ARP snooping device receives an ARP packet that has the same sender IP address as a valid ARP
snooping entry, but with a different sender MAC address, it assumes it has been attacked. The ARP
snooping entry becomes invalid, and is removed after 25 minutes.
38B
Configuration procedure
To enable ARP snooping:
Step Command
Remarks
1.
Enter system view.
system-view N/A
2.
Enter VLAN view.
vlan vlan-id N/A
3.
Enable ARP snooping
arp snooping enable
By default, ARP snooping is disabled.
39B
Displaying and maintaining ARP snooping
Execute display commands in any view and reset commands in user view.
Task Command
Display ARP snooping entries (in
standalone mode).
display arp snooping [ vlan vlan-id ] [ slot slot-number ] [ count ]
display arp snooping ip ip-address [ slot slot-number ]
Display ARP snooping entries (in IRF
mode).
display arp snooping [ vlan vlan-id ] [ chassis chassis-number slot
slot-number ] [ count ]
display arp snooping ip ip-address [ chassis chassis-number slot
slot-number ]
Remove ARP snooping entries.
reset arp snooping [ ip ip-address | vlan vlan-id ]
- H3C SR8800 H3C SR6600-X H3C SR6600 H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C WX3000 Series Unified Switches H3C LSWM1WCM10 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C S6800 Series Switches H3C S3100V2 Series Switches H3C S12500-X Series Switches H3C S9800 Series Switches