Enabling natural mask support for arp requests, Displaying and maintaining arp – H3C Technologies H3C SecPath F1000-E User Manual
Page 276
251
When dynamic ARP entry check is enabled, the firewall cannot learn dynamic ARP entries containing
multicast MAC addresses.
When dynamic ARP entry check is disabled, the firewall can learn dynamic ARP entries containing
multicast MAC addresses.
To enable dynamic ARP entry check:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enable dynamic ARP entry check.
arp check enable
Optional.
Enabled by default.
Enabling natural mask support for ARP requests
This feature enables the firewall to learn the sender IP and MAC addresses in a received ARP request
whose sender IP address is on the same classful network as but a different subnet from the IP address of
the receiving interface. A classful network refers to a class A, B, or C network.
For example, VLAN-interface 10 with IP address 10.10.10.5/24 receives an ARP request from
10.11.11.1/8. Because the subnet address calculated by the AND operation of 10.11.11.1 and the receiving
interface's 24-bit subnet mask is not in the subnet 10.10.10.5/24, VLAN-interface 10 cannot process the
ARP packet.
With this feature enabled, the firewall calculates the subnet address by using the default mask of the class
A network where 10.10.10.5/24 resides. Because 10.10.10.5/24 is on the same class A network as
10.11.11.1/8, VLAN-interface 10 can learn the sender IP and MAC addresses in the request.
To enable natural mask support for ARP requests:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enable natural mask support for ARP requests.
naturemask-arp enable
Disabled by default
Displaying and maintaining ARP
Task Command
Remarks
Display ARP entries in the ARP
table.
display arp [ [ all | dynamic | static ] | vlan
vlan-id | interface interface-type
interface-number ] [ count | verbose ] [ |
{ begin | exclude | include }
regular-expression ]
Available in any view
Display the ARP entry for a
specified IP address.
display arp ip-address [ verbose ] [ | { begin
| exclude | include } regular-expression ]
Available in any view
Display the ARP entries for a
specified VPN instance.
display arp vpn-instance vpn-instance-name
[ count ] [ | { begin | exclude | include }
regular-expression ]
Available in any view
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS H3C SecBlade LB Cards H3C SecPath L1000-A Load Balancer