HPE 3100 Configuration Manual

HPE 3100 48 v2 Switch

Layer 3—IP Services Configuration Guide

Part number: 5998-7643R Software version: Release 2111 Document version: 6W100-20160122

Enterprise products and services are set forth in the express warranty statements acco mpanying such products and services. Nothing herein should be construe d as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions co ntained herein.

Confidential computer software. V alid license from Hewlett Packard Enterprise required for possession, use, or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and T e chnical Data for Commercial Items are licensed to the U.S. Government under vendor’s standard commercial license.

Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise website.

Acknowledgments

Intel®, Itanium®, Pentium®, Intel Inside®, and the Intel Inside logo are trademarks of Intel Corporation in the United States and other countries.

Microsoft® and Windows® are trademarks of the Microsoft group of companies. Adobe® and Acrobat® are trademarks of Adobe Systems In corporated. Java and Oracle are registered trademarks of Oracle and/or its affiliates. UNIX® is a registered trademark of The Open Group.

Configuring ARP ·············································································· 1

Overview ·································································································································· 1

ARP message format ··········································································································· 1 ARP operation ···················································································································· 1

ARP table ·························································································································· 2 Configuring a static ARP entry ······································································································ 3 Configuring the maximum number of dynamic ARP entries for an interface ············································ 3 Setting the aging timer for dynamic ARP entries ··············································································· 4 Enabling dynamic ARP entry check ······························································································· 4  Configuring ARP quick update ······································································································ 5 Configuring multicast ARP ··········································································································· 5 Displaying and maintaining ARP ··································································································· 6 ARP configuration examples ········································································································ 6

Static ARP entry configuration example···················································································· 6

Multicast ARP configuration example ······················································································· 7

Configuring gratuitous ARP ······························································ 10

Overview ································································································································ 10

Gratuitous ARP packet learning ···························································································· 10

Periodic sending of gratuitous ARP packets ············································································ 10 Configuration guidelines ············································································································ 10 Configuration procedure ············································································································ 11 Enabling IP conflict notification ···································································································· 11

Configuring proxy ARP ···································································· 12

Overview ································································································································ 12

Common proxy ARP ·········································································································· 12

Local proxy ARP ··············································································································· 12 Enabling common proxy ARP ····································································································· 13 Enabling local proxy ARP ·········································································································· 13 Displaying and maintaining proxy ARP ························································································· 13 Proxy ARP configuration examples ······························································································ 14

Common proxy ARP configuration example ············································································ 14

Local proxy ARP configuration example in case of port isolation ·················································· 15

Local proxy ARP configuration example in isolate-user-VLAN ····················································· 16

Configuring ARP snooping ······························································· 18

Overview ································································································································ 18 Configuration procedure ············································································································ 18 Displaying and maintaining ARP snooping ···················································································· 18

Configuring IP addressing ································································ 19

Overview ································································································································ 19

IP address classes ············································································································ 19

Special IP addresses ········································································································· 20

Subnetting and masking ····································································································· 20 Assigning an IP address to an interface ························································································ 20

Configuration guidelines ····································································································· 21

Configuration procedure ····································································································· 21

Configuration example ········································································································ 21 Configuring IP unnumbered ········································································································ 23

Overview ························································································································· 23

Configuration guidelines ····································································································· 23

Configuration prerequisites ·································································································· 23

Configuration procedure ····································································································· 23 Displaying and maintaining IP addressing ····················································································· 24

DHCP overview ············································································· 25

DHCP address allocation ··········································································································· 25

Dynamic IP address allocation process ·················································································· 25

IP address lease extension ·································································································· 26 DHCP message format ············································································································· 26 DHCP options ························································································································· 27

Common DHCP options ······································································································ 28

Custom options ················································································································· 28 Protocols and standards ············································································································ 32

Configuring DHCP server ································································· 33

Overview ································································································································ 33

DHCP address pool ··········································································································· 33

IP address allocation sequence ···························································································· 34 DHCP server configuration task list ······························································································ 34 Configuring an address pool for the DHCP server ··········································································· 35

Configuration task list ········································································································· 35

Creating a DHCP address pool ···························································································· 35

Configuring address allocation mode for a common address pool ················································ 36

Configuring dynamic address allocation for an extended address pool ·········································· 38

Configuring a domain name suffix for the client ········································································ 38

Configuring DNS servers for the client ··················································································· 39

Configuring WINS servers and NetBIOS node type for the client ················································· 39

Configuring BIMS server information for the client ···································································· 39

Configuring gateways for the client ························································································ 40

Configuring Option 184 parameters for the client with voice service ············································· 40

Configuring the TFTP server and bootfile name for the client ······················································ 41

Specifying a server's IP address for the DHCP client································································· 41

Configuring self-defined DHCP options ·················································································· 42 Enabling DHCP ······················································································································· 42 Enabling the DHCP server on an interface ···················································································· 43

Configuration guidelines ····································································································· 43

Configuration procedure ····································································································· 43 Applying an extended address pool on an interface ········································································· 43 Configuring the DHCP server security functions ············································································· 44

Configuration prerequisites ·································································································· 44

Enabling unauthorized DHCP server detection ········································································ 44

Configuring IP address conflict detection ················································································ 44 Enabling client offline detection ··································································································· 45 Enabling handling of Option 82 ··································································································· 45

Configuration prerequisites ·································································································· 45

Enabling Option 82 handling ································································································ 46 Specifying the threshold for sending trap messages ········································································ 46

Configuration prerequisites ·································································································· 46

Configuration procedure ····································································································· 46 Setting the DSCP value for DHCP packets ···················································································· 46 Displaying and maintaining the DHCP server ················································································· 47 DHCP server configuration examples ··························································································· 47

Static IP address assignment configuration example ································································· 48

Dynamic IP address assignment configuration example ····························································· 49

Self-defined option configuration example··············································································· 50 Troubleshooting DHCP server configuration ·················································································· 51

Symptom ························································································································· 51

Analysis ·························································································································· 51

Solution ··························································································································· 51

Configuring DHCP relay agent ·························································· 53

Overview ································································································································ 53

Fundamentals ··················································································································· 53

DHCP relay agent support for Option 82 ················································································· 54 DHCP relay agent configuration task list ······················································································· 54

Enabling DHCP ······················································································································· 55 Enabling the DHCP relay agent on an interface ·············································································· 55 Correlating a DHCP server group with a relay agent interface ···························································· 55

Configuration guidelines ····································································································· 55

Configuration procedure ····································································································· 56 Configuring the DHCP relay agent security functions ······································································· 56

Configuring address check ·································································································· 56

Configuring periodic refresh of dynamic client entries ································································ 57

Enabling unauthorized DHCP server detection ········································································ 57

Enabling DHCP starvation attack protection ············································································ 58 Enabling offline detection ··········································································································· 58 Configuring the DHCP relay agent to release an IP address ······························································ 59 Configuring the DHCP relay agent to support Option 82 ··································································· 59

Configuration prerequisites ·································································································· 59

Configuration guidelines ····································································································· 59

Configuration procedure ····································································································· 60 Setting the DSCP value for DHCP packets ···················································································· 60 Displaying and maintaining the DHCP relay agent ·········································································· 61 DHCP relay agent configuration examples ···················································································· 61

DHCP relay agent configuration example ··············································································· 61

DHCP relay agent Option 82 support configuration example ······················································· 62 Troubleshooting DHCP relay agent configuration ············································································ 63

Symptom ························································································································· 63

Analysis ·························································································································· 63

Solution ··························································································································· 63

Configuring DHCP client ·································································· 64

Configuration restrictions ··········································································································· 64 Enabling the DHCP client on an interface ······················································································ 64 Setting the DSCP value for DHCP packets ···················································································· 64 Displaying and maintaining the DHCP client ·················································································· 65 DHCP client configuration example ······························································································ 65

Network requirements ········································································································ 65

Configuration procedure ····································································································· 65

Verifying the configuration ··································································································· 66

Configuring DHCP snooping ····························································· 68

DHCP snooping functions ·········································································································· 68

Ensuring that DHCP clients obtain IP addresses from authorized DHCP servers ····························· 68

Recording IP-to-MAC mappings of DHCP clients ····································································· 68 Application environment of trusted ports ······················································································· 69

Configuring a trusted port connected to a DHCP server ····························································· 69 Configuring trusted ports in a cascaded network ············································································· 69 DHCP snooping support for Option 82 ·························································································· 70 DHCP snooping configuration task list ·························································································· 71 Configuring DHCP snooping basic functions ·················································································· 71 Configuring DHCP snooping to support Option 82 ··········································································· 72 Configuring DHCP snooping entries backup ·················································································· 74 Enabling DHCP starvation attack protection ··················································································· 75 Enabling DHCP-REQUEST message attack protection ···································································· 75 Enabling MAC and port check ····································································································· 76 Configuring DHCP packet rate limit ······························································································ 76 Displaying and maintaining DHCP snooping ·················································································· 76 DHCP snooping configuration examples ······················································································· 77

DHCP snooping configuration example ·················································································· 77

DHCP snooping Option 82 support configuration example ························································· 78

Configuring BOOTP client ································································ 79

Overview ································································································································ 79

BOOTP application ············································································································ 79

Obtaining an IP address dynamically ····················································································· 79

Protocols and standards ····································································································· 79

iii

Configuration restrictions ··········································································································· 79 Configuring an interface to dynamically obtain an IP address through BOOTP ······································ 79 Displaying and maintaining BOOTP client configuration ··································································· 80 BOOTP client configuration example ···························································································· 80

Network requirements ········································································································ 80

Configuration procedure ····································································································· 80

Configuring IPv4 DNS ····································································· 81

Overview ································································································································ 81

Static domain name resolution ····························································································· 81

Dynamic domain name resolution ························································································· 81

DNS proxy ······················································································································· 82

DNS spoofing ··················································································································· 83 Configuring the IPv4 DNS client ·································································································· 84

Configuring static domain name resolution ·············································································· 84

Configuring dynamic domain name resolution ·········································································· 84 Configuring the DNS proxy ········································································································· 85 Configuring DNS spoofing ·········································································································· 85 Setting the DSCP value for DNS packets ······················································································ 86 Specifying the source interface for DNS packets ············································································· 86 Displaying and maintaining IPv4 DNS ·························································································· 86 Static domain name resolution configuration example ······································································ 87

Network requirements ········································································································ 87

Configuration procedure ····································································································· 87 Dynamic domain name resolution configuration example ·································································· 88

Network requirements ········································································································ 88

Configuration procedure ····································································································· 88

Verifying the configuration ··································································································· 90 DNS proxy configuration example ································································································ 91

Network requirements ········································································································ 91

Configuration procedure ····································································································· 91

Verifying the configuration ··································································································· 92 Troubleshooting IPv4 DNS configuration ······················································································· 92

Symptom ························································································································· 92

Solution ··························································································································· 92

Basic IP forwarding on the device ······················································ 93

FIB table ································································································································ 93 Displaying FIB table entries ········································································································ 93

Configuring load sharing ·································································· 95

Configuration procedure ············································································································ 95 Load sharing configuration example ····························································································· 95

Network requirements ········································································································ 95

Configuration procedure ····································································································· 95

Verifying the configuration ··································································································· 97

Configuring IRDP ··········································································· 98

Overview ································································································································ 98

Background ······················································································································ 98

Working mechanism ·········································································································· 98

Concepts ························································································································· 99

Protocols and standards ····································································································· 99 Configuration procedure ············································································································ 99 IRDP configuration example ····································································································· 100

Network requirements ······································································································ 100

Configuration procedure ··································································································· 101

Verifying the configuration ································································································· 101

Optimizing IP performance ····························································· 102

Enabling receiving and forwarding of directed broadcasts to a directly connected network ····················· 102

Enabling receiving of directed broadcasts to a directly connected network ··································· 102

Enabling forwarding of directed broadcasts to a directly connected network ································· 102

Configuration example ······································································································ 103 Configuring TCP attributes ······································································································· 103

Configuring TCP path MTU discovery ·················································································· 103

Configuring the TCP send/receive buffer size ········································································ 104

Configuring TCP timers ···································································································· 104 Configuring ICMP to send error packets ······················································································ 105

Advantages of sending ICMP error packets ··········································································· 105

Disadvantages of sending ICMP error packets ······································································· 106

Configuration procedure ··································································································· 106 Displaying and maintaining IP performance optimization ································································ 106

Configuring UDP helper ································································· 108

Overview ······························································································································ 108 Configuration restrictions and guidelines ····················································································· 108 Configuration procedure ·········································································································· 108 Displaying and maintaining UDP helper ······················································································ 109 UDP helper configuration example ····························································································· 109

Network requirements ······································································································ 109

Configuration procedure ··································································································· 109

Configuring IPv6 basics ································································· 111

Overview ······························································································································ 111

IPv6 features ·················································································································· 111

IPv6 addresses ··············································································································· 112

IPv6 neighbor discovery protocol ························································································ 114

IPv6 path MTU discovery ·································································································· 117

IPv6 transition technologies ······························································································· 117

Protocols and standards ··································································································· 118 IPv6 basics configuration task list ······························································································ 118 Configuring basic IPv6 functions ······························································································· 119

Enabling IPv6 ················································································································· 119

Configuring an IPv6 global unicast address ··········································································· 119

Configuring an IPv6 link-local address ················································································· 121

Configure an IPv6 anycast address ····················································································· 122 Configuring IPv6 ND ··············································································································· 123

Configuring a static neighbor entry ······················································································ 123

Configuring the maximum number of neighbors dynamically learned ·········································· 123

Setting the age timer for ND entries in stale state ··································································· 124

Configuring parameters related to RA messages ···································································· 124

Configuring the maximum number of attempts to send an NS message for DAD ··························· 126

Configuring ND snooping ·································································································· 127

Enabling ND proxy ··········································································································· 128 Configuring path MTU discovery ······························································································· 130

Configuring a static path MTU for a specific IPv6 address ························································ 130

Configuring the aging time for dynamic path MTUs ································································· 130 Configuring IPv6 TCP properties ······························································································· 131 Configuring ICMPv6 packet sending ·························································································· 131

Configuring the maximum ICMPv6 error packets sent in an interval············································ 131

Enabling replying to multicast echo requests ········································································· 132

Enabling sending ICMPv6 time exceeded messages ······························································ 132

Enabling sending ICMPv6 destination unreachable messages ·················································· 132

Enabling sending ICMPv6 redirect messages ········································································ 133 Enabling a device to discard IPv6 packets that contain extension headers ········································· 133 Configuring multicast ND ········································································································· 134 Displaying and maintaining IPv6 basics configuration ···································································· 134 IPv6 basics configuration example ····························································································· 135

Network requirements ······································································································ 135

Configuration procedure ··································································································· 136

Verifying the configuration ································································································· 137 Troubleshooting IPv6 basics configuration ··················································································· 141

Symptom ······················································································································· 141

Solution ························································································································· 141

DHCPv6 overview ········································································ 142

Hardware compatibility ············································································································ 142 Introduction to DHCPv6 ··········································································································· 142 DHCPv6 address/prefix assignment ··························································································· 142

Rapid assignment involving two messages ··········································································· 142

Assignment involving four messages ··················································································· 142 Address/prefix lease renewal ···································································································· 143 Configuring stateless DHCPv6 ·································································································· 144

Operation ······················································································································ 144 Protocols and standards ·········································································································· 145

Configuring DHCPv6 server ··························································· 146

Overview ······························································································································ 146

Concepts ······················································································································· 146

Prefix selection process ···································································································· 147 DHCPv6 server configuration task list ························································································· 147 Enabling the DHCPv6 server ···································································································· 147 Creating a prefix pool ·············································································································· 148 Configuring a DHCPv6 address pool ·························································································· 148

Configuration restrictions and guidelines ·············································································· 148

Configuration procedure ··································································································· 148 Applying the address pool to an interface ···················································································· 149 Setting the DSCP value for DHCPv6 packets ··············································································· 150 Displaying and maintaining the DHCPv6 server ············································································ 150 DHCPv6 server configuration example ······················································································· 150

Network requirements ······································································································ 150

Configuration considerations ······························································································ 151

Configuration procedure ··································································································· 151

Verifying the configuration ································································································· 152

Configuring DHCPv6 relay agent ····················································· 154

Overview ······························································································································ 154

DHCPv6 relay agent operation ··························································································· 154 Configuring the DHCPv6 relay agent ·························································································· 155

Configuration guidelines ··································································································· 155

Configuration procedure ··································································································· 155 Setting the DSCP value for DHCPv6 packets ··············································································· 156 Displaying and maintaining the DHCPv6 relay agent ····································································· 156 DHCPv6 relay agent configuration example ················································································· 156

Network requirements ······································································································ 156

Configuration procedure ··································································································· 157

Verifying the configuration ································································································· 157

Configuring DHCPv6 client ····························································· 159

Overview ······························································································································ 159 Configuration guidelines ·········································································································· 159 Configuring IPv6 address acquisition ·························································································· 159 Configuring stateless DHCPv6 ·································································································· 159 Setting the DSCP value for DHCPv6 packets ··············································································· 160 Displaying and maintaining the DHCPv6 client ············································································· 160 Stateless DHCPv6 configuration example ··················································································· 160

Network requirements ······································································································ 160

Configuration procedure ··································································································· 161

Verifying the configuration ································································································· 161

Configuring DHCPv6 snooping ························································ 163

Overview ······························································································································ 163

Ensuring that DHCPv6 clients obtain IPv6 addresses from authorized DHCPv6 servers ················· 163

Recording IP-to-MAC mappings of DHCPv6 clients ································································ 164 Enabling DHCPv6 snooping ····································································································· 164

Configuring a DHCPv6 snooping trusted port ··············································································· 164 Configuring the maximum number of DHCPv6 snooping entries an interface can learn ························· 165 Configuring DHCPv6 snooping to support Option 18 and Option 37 ·················································· 165 Displaying and maintaining DHCPv6 snooping ············································································· 166 DHCPv6 snooping configuration example ··················································································· 166

Network requirements ······································································································ 166

Configuration procedure ··································································································· 167

Verifying the configuration ································································································· 167

Configuring IPv6 DNS ··································································· 168

Overview ······························································································································ 168 Configuring the IPv6 DNS client ································································································ 168

Configuring static domain name resolution ············································································ 168

Configuring dynamic domain name resolution ········································································ 168 Setting the DSCP value for IPv6 DNS packets ············································································· 169 Displaying and maintaining IPv6 DNS ························································································ 169 Static domain name resolution configuration example ···································································· 170

Network requirements ······································································································ 170

Configuration procedure ··································································································· 170 Dynamic domain name resolution configuration example ································································ 171

Network requirements ······································································································ 171

Configuration procedure ··································································································· 171

Verifying the configuration ································································································· 174

Configuring tunneling ···································································· 176

Overview ······························································································································ 176

IPv6 over IPv4 tunneling ··································································································· 176

IPv4 over IPv4 tunneling ··································································································· 178

IPv4 over IPv6 tunneling ··································································································· 179

IPv6 over IPv6 tunneling ··································································································· 180

Protocols and standards ··································································································· 180 Tunneling configuration task list ································································································ 181 Configuring a tunnel interface ··································································································· 181

Configuration guidelines ··································································································· 181

Configuration procedure ··································································································· 181 Configuring an IPv6 manual tunnel ···························································································· 182

Configuration prerequisites ································································································ 182

Configuration guidelines ··································································································· 182

Configuration procedure ··································································································· 183

Configuration example ······································································································ 183 Configuring a 6to4 tunnel ········································································································· 187

Configuration prerequisites ································································································ 187

Configuration guidelines ··································································································· 187

Configuration procedure ··································································································· 187

Configuration example ······································································································ 188 Configuring an ISATAP tunnel ·································································································· 190

Configuration prerequisites ································································································ 190

Configuration guidelines ··································································································· 190

Configuration procedure ··································································································· 191

Configuration example ······································································································ 192 Configuring an IPv4 over IPv4 tunnel ························································································· 194

Configuration prerequisites ································································································ 194

Configuration guidelines ··································································································· 194

Configuration procedure ··································································································· 195

Configuration example ······································································································ 195 Configuring an IPv4 over IPv6 tunnel ························································································· 198

Configuration prerequisites ································································································ 198

Configuration guidelines ··································································································· 198

Configuration procedure ··································································································· 199

Configuration example ······································································································ 199 Configuring an IPv6 over IPv6 tunnel ························································································· 203

Configuration prerequisites ································································································ 203

vii

Configuration guidelines ··································································································· 203

Configuration procedure ··································································································· 203

Configuration example ······································································································ 204 Displaying and maintaining tunneling configuration ······································································· 207 Troubleshooting tunneling configuration ······················································································ 208

Symptom ······················································································································· 208

Solution ························································································································· 208

Configuring GRE ·········································································· 209

Overview ······························································································································ 209

GRE encapsulation format ································································································ 209

GRE encapsulation and de-encapsulation processes ······························································ 210

Protocols and standards ··································································································· 210 Configuring a GRE over IPv4 tunnel ··························································································· 211

Configuration prerequisites ································································································ 211

Configuration guidelines ··································································································· 211

Configuration procedure ··································································································· 211 Configuring a GRE over IPv6 tunnel ··························································································· 212

Configuration prerequisites ································································································ 212

Configuration guidelines ··································································································· 212

Configuration procedure ··································································································· 213 Displaying and maintaining GRE ······························································································· 213 GRE over IPv4 tunnel configuration example ··············································································· 214 GRE over IPv6 tunnel configuration example ··············································································· 217 Troubleshooting GRE ············································································································· 221

Document conventions and icons ···················································· 222

Conventions ························································································································· 222 Network topology icons ··········································································································· 223

Support and other resources ·························································· 224

Accessing Hewlett Packard Enterprise Support ············································································ 224 Accessing updates ················································································································· 224

Websites ······················································································································· 225

Customer self repair ········································································································· 225

Remote support ·············································································································· 225

Documentation feedback ·································································································· 225

Index ························································································· 227

viii

Configuring ARP

Overview

The Address Resolution Protocol (ARP) is used to resolve an IP address into a physical address (Ethernet MAC address, for example).

In an Ethernet LAN, a device uses ARP to resolve the IP address of the next hop to the corresponding MAC address.

ARP message format

ARP messages include ARP requests and ARP replies. Figure 1 shows the format of the ARP request/reply. Numbers in the figure refer to field lengths.

Figure 1 ARP message format

ARP message fields:

• Hardware type—The hardware address type. Value 1 represents Ethernet.

• Protocol type—The type of the protocol address to be mapped. The hexadecimal value

0x0800 represents IP.

• Hardware address length and protocol address length—Length, in bytes, of a hardware address and a protocol address. For an Ethernet address, the value of the hardware address length field is 6. For an IPv4 address, the value of the protocol address length field is 4.

• OP—Operation code, which describes type of the ARP message. Value 1 represents an ARP request, and value 2 represents an ARP reply.

• Sender hardware address—Hardware address of the device sending the message.

• Sender protocol address—Protocol address of the device sendin g the message.

• Target hardware address—Hardware address of the device to which the message is being

sent.

• Target protocol address—Protocol address of the device to which the messag e is being sent.

ARP operation

If Host A and Host B are on the same subnet and Host A sends a packet to Host B, as shown in Figure 2, the resolution process is:

1. Host A looks in its ARP table to see whether there is an ARP entry for Host B. If yes, Host A uses the MAC address in the entry to encapsulate the IP packet into a data link layer frame and sends the frame to Host B.

2. If Host A finds no entry for Host B, Host A buffers the packet and broadcasts an ARP request using the following information:

{ Source IP address and source MAC address—Host A’s own IP address and the MAC

address

{ Target IP address—Host B’s IP address { Target MAC address—An all-zero MAC address

All hosts on this subnet can receive the broadcast request, but only the requested host (Host B) processes the request.

3. Host B compares its own IP address with the target IP address in the ARP request. If they are the same, Host B:

a. Adds the sender IP address and sender MAC address into its ARP table. b. Encapsulates its MAC add ress into an ARP reply. c. Unicasts the ARP reply to Host A.

4. After receiving the ARP reply, Host A: a. Adds the MAC address of Host B to its ARP table. b. Encapsulates the MAC add ress into the packet and sends it to Host B.

Figure 2 ARP address resolution process

If Host A and Host B are on different subnets, the resolution process is as follows:

1. Host A sends an ARP request to the gateway. The target IP address in the ARP request is the IP address of the gateway.

2. After obtaining the MAC address of the gateway from an ARP reply, Host A sends the packet to the gateway.

3. If the gateway maintains the ARP entry of Host B, it forwards the packet to Host B directly; if not, it broadcasts an ARP request, in which the target IP address is the IP address of Host B.

4. After obtaining the MAC address of Host B, the gateway sends the packet to Host B.

ARP table

An ARP table stores dynamic and static ARP entries.

Dynamic ARP entry

ARP automatically creates and updates dynamic entries. A dynamic ARP entry is removed when its aging timer expires or the output interface goes down, and it can be overwritten b y a static ARP entry .

Static ARP entry

A static ARP entry is manually configured and maintained. It does not age out, and cannot be overwritten by a dynamic ARP entry.

Static ARP entries protect communication between devices, because attack packets cannot modify the IP-to-MAC mapping in a static ARP entry.

Static ARP entries can be classified into long, and short ARP entries.

• To configure a long static ARP entry, specify the IP address, MAC address, VLAN, and output interface. A long static ARP entry is directly used for forwarding matching packets. To allow communication with a host using a fixed IP-to-MAC mapping through a specific interface in a specific VLAN, configure a long static ARP entry for it.

• To configure a short static ARP entry, you only need to specify the IP address and MAC address.

If the output interface is a VLAN interface, the device first sends an ARP request whose target IP address is the IP address of the short entry. If the sender IP and MAC addresses in the received ARP reply match the IP and MAC addresses of the short static ARP entry, the device adds the interface receiving the ARP reply to the short static ARP entry, and then uses the resolved entry to forward the matching IP packets.

To communicate with a host by using a fixed IP-to-MAC mapping, configure a short static ARP entry for it.

Configuring a static ARP entry

A static ARP entry is effective when the device it corresponds to works properly. However, when a VLAN or VLAN interface is deleted, any static ARP entry corresponding to it will also be deleted (if it is a long static ARP entry) or will become unresolved (if it is a short and resolved static ARP entry).

Follow these guidelines when you configure a long static ARP entry:

• The vlan-id argument must be the ID of an existing VLAN where the ARP entry resides. The specified Ethernet interface must belong to that VLAN. The VLAN interface of the VLAN must be created.

• The IP address of the VLAN interface of the VLAN specified by the vlan-id argument must belong to the same subnet as the IP address specified by the ip-address argument.

To configure a static ARP entry:

Step Command Remarks

1. Enter system view.

2. Configure a static ARP

entry.

system-view

• Configure a long static ARP entry: arp static ip-address mac-address vlan-id

interface-type interface-number

• Configure a short static ARP entry: arp static ip-address mac-address

N/A

Use either command.

Configuring the maximum number of dynamic ARP entries for an interface

An interface can dynamically learn ARP entries. To prevent an interface from holding too many ARP entries, you can set the maximum number of dynamic ARP entries that an interface can learn. When the maximum number is reached, the interface stops learning ARP entries.

A Layer 2 interface can learn an ARP entry only when both its maximum number and the VLAN interface's maximum number are not reached.

To set the maximum number of dynamic ARP entries that an interface can learn:

Step Command Remarks

1. Enter system view.

2. Enter Ethernet interface view.

3. Set the maximum number of

dynamic ARP entries that the interface can learn.

system-view

interface

interface-number

arp max-learning-num

number

interface-type

N/A

Optional. By default, a Layer 2 interface does not

limit the number of dynamic ARP entries. A Layer 3 interface on the HPE 3100 48 v2 Switch can learn up to 2048 dynamic ARP entries.

If the value of the number argument is set to 0, the interface is disabled from learning dynamic ARP entries.

Setting the aging timer for dynamic ARP entries

Each dynamic ARP entry in the ARP table has a limited lifetime, called aging timer. The aging timer of a dynamic ARP entry is reset each tim e the dynamic ARP entry is updated. Dynamic ARP entries that are not updated before their aging timers expire are deleted from the ARP table.

To set the age timer for dynamic ARP entries:

Step Command Remarks

1. Enter system view.

2. Set the age timer for dynamic

ARP entries.

system-view

arp timer aging

aging-time

Enabling dynamic ARP entry check

The dynamic ARP entry check function controls whether the device supports dynamic ARP entries with multicast MAC addresses.

When dynamic ARP entry check is enabled, the dev ice cannot learn dynamic ARP entries containing multicast MAC addresses.

When dynamic ARP entry check is disabled, the device can learn dynamic ARP entries containing multicast MAC addresses.

To enable dynamic ARP entry check:

Step Command Remarks

1. Enter system view.

2. Enable dynamic ARP

entry check.

system-view

arp check enable

N/A Optional.

Enabled by default.

N/A Optional.

20 minutes by default.

Configuring ARP quick update

Hewlett Packard Enterprise recommends you enable ARP quick update in WLAN networks only. As shown in Figure 3, the laptop frequently roams between AP 1 and AP 2. This af fects the mapping

between its MAC address and output interface on the switch. If the switch does not update its ARP table immediately after the output interface changes, it might fail to communicate with the laptop.

Figure 3 ARP quick update application scenario

With ARP qui ck update en abled, the switch update s the corre sponding ARP entry immediately after the change of the mapping between a MAC address and an output interface to en sure nonstop data forwarding.

To enable ARP quick update:

Step Command Remarks

1. Enter system view.

2. Enable ARP quick

update.

system-view

mac-address station-move quick-notify enable

Configuring multicast ARP

Microsoft Network Load Balancing (NLB) is a load balancing technology for server clustering developed on Windows Server .

NLB supports load sharing and redundancy among servers within a cluster. To implement fast failover, NLB require s that the switch forwards network traf fic to all servers or specified servers in the cluster, and e ach server filters out unexpected traf fic. In a medium or small data center that uses the Windows Server operating system, the proper cooperation of the switch and NLB is very important. For more information about NLB, see the related documents of Windows Sever.

Microsoft NLB provides the following packet sending modes to make the switch forward network traffic to all servers or specified servers:

• Unicast mode—NLB assigns each cluster member a common MAC address, which is the cluster MAC address, and changes the source MAC address of each sent packet. Thus, the switch cannot add the cluster MAC address to its MAC table. In addition, because the cluster MAC address is unknown to the switch, packets destined to it are forwarded on all the ports of the switch.

• Multicast mode—NLB uses a multicast MAC address that is a virtual MAC address for n etwork communication, for example 0300-5e11-1111.

N/A Optional.

Disabled by default.

NOTE:

Multicast ARP is applicable to only multicast-mode NLB.

To configure multicast ARP:

Step Command Remarks

1. Disable the ARP entry

check function.

undo arp check enable

N/A

2. Configure a static ARP entry.

3. Configure a static multicast MAC address entry.

arp static

vlan-id interface-type interface-number

mac-address multicast

mac-address

vlan

ip-address mac-address

vlan-id

interface

interface-list

Displaying and maintaining ARP

CAUTION:

Clearing ARP entries from the ARP table might cause communication failures.

Task Command Remarks

Display ARP entries in the ARP table.

Display the ARP entry for a specified IP address.

display arp

slot-number ] | interface-type interface-number ] [

verbose

regular-expression ]

display arp

verbose

[ regular-expression ]

all

dynamic

[ [

vlan

vlan-id |

begin

] [ | {

ip-address [

| { begin | exclude | include

] [

exclude

static

interface

slot

slot-number ]

] [

count

include

Optional.

See IP Multicast Command Reference.

slot

Available in any view

}

Available in any view

}

Display the age timer for dynamic ARP entries.

Clear ARP entries from the ARP table.

display arp timer aging

include

reset arp

slot-number | interface-number }

} regular-expression ]

all

dynamic

{

interface

begin

[ | {

static

interface-type

ARP configuration examples

Static ARP entry configuration example

Network requirements

As shown in Figure 4, hosts are connected to the switch, which is connected to the router through interface Ethernet 1/0/1 in VLAN 10. The IP and MAC addresses of the router are 192.168.1.1/24 and 00e0-fc01-0000 respectively.

To prevent malicious users from attacking the switch and enhance security for communications between the router and switch, configure a static ARP entry for the router on the switch.

exclude

slot

Available in any view

Available in user view

Figure 4 Network diagram

Configuration procedure

Configure the switch: # Create VLAN 10.

<Switch> system-view [Switch] vlan 10 [Switch-vlan10] quit

# Add interface Ethernet 1/0/1 to VLAN 10.

[Switch] interface Ethernet 1/0/1 [Switch-Ethernet1/0/1] port link-type trunk [Switch-Ethernet1/0/1] port trunk permit vlan 10 [Switch-Ethernet1/0/1] quit

# Create interface VLAN-interface 10 and configure its IP address.

[Switch] interface vlan-interface 10 [Switch-vlan-interface10] ip address 192.168.1.2 24 [Switch-vlan-interface10] quit

# Configure a static ARP entry that has IP address 192.168.1.1, MAC addres s 00e0-f c01-0 000, and output interface Ethernet 1/0/1 in VLAN 10.

[Switch] arp static 192.168.1.1 00e0-fc01-0000 10 Ethernet 1/0/1

# Display information about static ARP entries.

[Switch] display arp static Type: S-Static D-Dynamic A-Authorized IP Address MAC Address VLAN ID Interface Aging Type

192.168.1.1 00e0-fc01-0000 10 Eth1/0/1 N/A S

Multicast ARP configuration example

Network requirements

As shown in Figure 5, a small data center uses Microsoft multicast-mode NLB. To enable the switches to cooperate with NLB, configure the following:

• Add Ethernet 1/0/2 and Ethernet 1/0/3 into VLAN 1, and specify IP address 16.1.1.30/24 for VLAN-interface 1.

• Add Ethernet 1/0/1 and Ethernet 1/0/4 into VLAN 2, and specify IP address 17.1.1.1/24 for VLAN-interface 2.

• Specify 17.1.1.1/24 as the default gateway of Host A and Host B.

• Specify 16.1.1.30/24 as the default gateway of Server A and Server B.

• Disable the ARP entry check function so that the switch can learn dynamic ARP entries

containing multicast MAC addresses.

• Configure a static multicast MAC address entry so that only interfaces Ethernet 1/0/2 and Ethernet 1/0/3 can receive multicast information.

Figure 5 Network diagram

Configuration procedure

This example only describes multicast ARP configuration on the switch, and is only applicable to multicast NLB. For NLB configuration on the servers, see the related documents of the Windows Server.

# Specify an IP address for VLAN-interface 2.

<Switch> system-view [Switch] vlan 2 [Switch-vlan2] port Ethernet 1/0/4 [Switch-vlan2] port Ethernet 1/0/1 [Switch-vlan2] quit [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 17.1.1.1 255.255.255.0 [Switch-Vlan-interface2] quit

# Specify an IP address for VLAN-interface 1.

[Switch] interface vlan-interface 1 [Switch-Vlan-interface1] ip address 16.1.1.30 255.255.255.0 [Switch-Vlan-interface1] quit

# Disable the ARP entry check function.

[Switch] undo arp check enable

# Configure a static multicast MAC address entry.

[Switch] mac-address multicast 03bf-1001-0164 interface Ethernet 1/0/2 Ethernet 1/0/3 vlan 1

Verifying the configuration

• NLB load sharing—Enables the FTP server function of Server A and Server B. Host A and Host B send requests to the virtual IP address and each of them logs in to a dif f erent server.

• NLB redundancy—Disables the network interface card of Server A. Host A and Host B send requests to the virtual IP address and both log in to the FTP server on Server B.

Configuring gratuitous ARP

Overview

In a gratuitous ARP packet, the sender IP address and the target IP address are the IP address of the sending device.

A device sends a gratuitous ARP packet for either of the following purposes:

• Determine whether its IP address is already used by another device. If the IP address is already used, the device is informed of the conflict by an ARP reply.

• Inform other devices of a change of its MAC address.

Gratuitous ARP packet learning

This feature enables a device to create or update ARP entries by using the sender IP and MAC addresses in received gratuitous ARP packets.

With this feature disabled, the device uses received gratuitous ARP packets to update existing ARP entries only.

Periodic sending of gratuitous ARP packets

Enabling a device to periodically send gratuitous ARP packets helps downstream devices update their corresponding ARP entries or MAC entries in time. This feature can be used to:

• Prevent gateway spoofing. When an attacker sends forged gratuitous ARP packets to the hosts on a network, the traffic

destined for the gateway from the hosts is sent to the attacker instead. As a result, the hosts cannot access the external network.

To prevent gateway spoofing attacks, enable the gateway to send gratuitous ARP packets containing its primary IP address and manually configured secondary IP addresses at a specific interval, so hosts can learn correct gateway address information.

• Prevent ARP entries from aging out. If network traffic is heavy or if a host’s CPU usage is high on a host, received ARP packets

might be discarded or not be processed in time. Eventually, the dynamic ARP entries on the receiving host age out, and the traffic between the host and the corresponding devices is interrupted until the host re-creates the ARP entries.

To prevent this problem, enable the gateway to send gratuitous ARP packets periodically. The gratuitous ARP packets contain the gateway's primary IP address or one of its manually configured secondary IP addresses, so the receiving host can update ARP entries in time, ensuring traffic continuity.

Configuration guidelines

Follow these guidelines when you configure gratuitous ARP:

• You can enable periodic sending of gratuitous ARP packets in VLAN interface view.

• You can enable periodic sending of gratuitous ARP pa ckets on a maximum of 1024 interfaces.

• Periodic sending of gratuitous ARP packets takes effect only when the link of the enabled

interface goes up and an IP address has been assigned to the interface.

• If you change the interval for sending gratuitous ARP packets, the configuration is effective at the next sending interval.

• The frequency of sending gratuitous ARP packets might be much lower than is expected if this function is enabled on multiple interfaces, if each interface is configu red with multiple secondary IP addresses, or if a small sending interval is configured in such cases.

Configuration procedure

To configure gratuitous ARP:

Step Command Remarks

1. Enter system view.

2. Enable learning of gratuitous

ARP packets.

3. Enable the device to send gratuitous ARP packets upon receiving ARP requests from another subnet.

4. Enter interface view.

5. Enable periodic sending of

gratuitous ARP packets and set the sending interval.

system-view

gratuitous-arp-learning enable

gratuitous-arp-sending enable

interface

interface-number

arp send-gratuitous-arp

interval

[

interface-type

milliseconds ]

Enabling IP conflict notification

If the sender IP address of a received gratuitous ARP packet is being used by the receiving device, by default, the receiving device sends a gratuitous ARP request, and it displays an error message after it receives an ARP reply. The receiving device repeats the default processing 5 seconds after displaying the error message, and it stops the processing when the conflict is resolved.

You can use this command to enable the device to display error message without sending any gratuitous ARP request for conflict confirmation. The receiving device displays the message every 30 seconds until the conflict is resolved.

N/A Optional.

Enabled by default. By default, a device does not send

gratuitous ARP packets upon receiving ARP requests from another subnet.

N/A

Disabled by default.

To enable IP conflict notification:

Step Command Remarks

1. Enter system view.

2. Enable IP conflict notification.

system-view

arp ip-conflict prompt

N/A Optional.

Disabled by default.

Configuring proxy ARP

Overview

Proxy ARP enables a device on a network to answer ARP requests for an IP address not on that network. With proxy ARP, hosts on different broadcast domains can communicate with each other as they do on the same network.

Proxy ARP includes common proxy ARP and local proxy ARP.

• Common proxy ARP—Allows communication between hosts that con nect to dif ferent Layer-3 interfaces and reside in different broadcast domains.

• Local proxy ARP—Allows communication between hosts that connect to the same Layer-3 interface and reside in different broadcast domains.

Common proxy ARP

A common proxy ARP enabled device allows host s that reside on dif ferent subnets to communicate. As shown in Figure 6, Switch connects to two subnets through VLAN-interface 1 and VLAN-interface

2. The IP addresses of the two interfaces are 192.168.10.99/24 and 192.168.20.99/24. Host A and

Host B are assigned the same prefix 192.168.0.0. Host A connects to VLAN-interface 1 and Host B connects to VLAN-interface 2.

Figure 6 Application environment of common proxy ARP

Because Host A and Host B have the same prefix 192.168.0.0, Host A considers that Host B is on the same network, and it broadcasts an ARP request for the MAC address of Host B. However, Host B cannot receive this request because it is in a different broadcast domain.

Y ou can common en able proxy ARP on VLAN-interface 1 of the switch so that the switch can reply to the ARP request from Host A with the MAC address of VLAN-interface 1, and forward packets sent from Host A to Host B. In this case, the switch acts as a proxy of Host B.

A main advantage of common proxy ARP is that you can enable it on a single switch without disturbing routing tables of other routers in the network. Proxy ARP acts as the gateway for hosts that are not configured with a default gateway or do not have routing capability.

Local proxy ARP

As shown in Figure 7, Host A and Host B belong to VLAN 2, but are isolated at Layer 2. Host A connects to Ethernet 1/0/3 while Host B connects to Ethernet 1/0/1. Enable local proxy ARP on Switch A to allow Layer 3 communication between the two hosts.

Figure 7 Application environment of local proxy ARP

Enable local proxy ARP in one of the following cases:

• Hosts connecting to different isolated La yer 2 port s in the sa me VLAN need to communicate at Layer 3.

• If an isolate-user-VLAN is configured, hosts in different secondary VLANs of the isolate-user-VLAN need to communicate at Layer 3.

Enabling common proxy ARP

To enable common proxy ARP in VLAN interface view

Step Command Remarks

1. Enter system view.

2. Enter interface view.

3. Enable proxy ARP.

system-view

interface

proxy-arp enable

interface-type interface-number

Enabling local proxy ARP

To enable local proxy ARP in VLAN interface view:

Step Command Remarks

1. Enter system view.

2. Enter interface view.

3. Enable local proxy ARP.

system-view

interface

local-proxy-arp enable

endIP ]

interface-type interface-number

ip-range

[

startIP to

N/A N/A Disabled by default

N/A N/A

Disabled by default

Displaying and maintaining proxy ARP

Task Command Remarks

Display whether common proxy ARP is enabled.

Display whether local proxy ARP is enabled.

display proxy-arp [ interface

interface-type interface-number ] [ | {

exclude

display local-proxy-arp [ interface

interface-type interface-number ] [ | {

exclude

include

} regular-expression ]

begin

Proxy ARP configuration examples

Common proxy ARP configuration example

Network requirements

As shown in Figure 8, Host A and Host D have the same IP prefix and mask (IP addre sses of Host A and Host D are 192.168.10.100/16 and 192.168.20.200/16 respectively), but they are located on different subnets separated by the switch (Host A belongs to VLAN 1 while Host D belongs to VLAN

2). As a result , Host D cannot receive or respond to any ARP request from Host A.

You must configure proxy ARP on the switch to enable communication between the two hosts.

Figure 8 Network diagram

Available in any view

Configuration procedure

# Create VLAN 2.

<Switch> system-view [Switch] vlan 2 [Switch-vlan2] quit

# Specify the IP address of interface VLAN-interface 1.

[Switch] interface vlan-interface 1 [Switch-Vlan-interface1] ip address 192.168.10.99 255.255.255.0

# Enable proxy ARP on interface VLAN-interface 1.

[Switch-Vlan-interface1] proxy-arp enable [Switch-Vlan-interface1] quit

# Specify the IP address of interface VLAN-interface 2.

[Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.20.99 255.255.255.0

# Enable proxy ARP on interface VLAN-interface 2.

[Switch-Vlan-interface2] proxy-arp enable

After completing preceding configurations, use the ping command to verify the connectivity between Host A and Host D.

Local proxy ARP configuration example in case of port isolation

Network requirements

As shown in Figure 9, Host A and Host B belong to the same VLAN, and connect to Switch B via Ethernet 1/0/3 and Ethernet 1/0/1 respectively. Switch B connects to Switch A via Ethernet 1/0/2.

Configure port isolation on Ethernet 1/0/3 and Ethernet 1/0/1 of Switch B to isolate Host A from Host B at Layer 2. Enable local proxy ARP on Switch A to allow communication between Host A and Host B at Layer 3.

Figure 9 Network diagram

Configuration procedure

1. Configure Switch B:

# Add Ethernet 1/0/3, Ethernet 1/0/1 and Ethernet 1/0/2 to VLAN 2. Configure port isolation on Host A and Host B.

<SwitchB> system-view [SwitchB] vlan 2 [SwitchB-vlan2] port Ethernet 1/0/3 [SwitchB-vlan2] port Ethernet 1/0/1 [SwitchB-vlan2] port Ethernet 1/0/2 [SwitchB-vlan2] quit [SwitchB] interface Ethernet 1/0/3 [SwitchB-Ethernet1/0/3] port-isolate enable [SwitchB-Ethernet1/0/3] quit

[SwitchB] interface Ethernet 1/0/1 [SwitchB-Ethernet1/0/1] port-isolate enable [SwitchB-Ethernet1/0/1] quit

2. Configure Switch A: # Create VLAN 2, and add Ethernet 1/0/2 to VLAN 2.

<SwitchA> system-view [SwitchA] vlan 2 [SwitchA-vlan2] port Ethernet 1/0/2 [SwitchA-vlan2] quit [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 192.168.10.100 255.255.0.0

From Host A, ping Host B. The ping operation is unsuccessful because they are isolated at Layer 2.

# Configure local proxy ARP to allow communication between Host A and Host B at Layer 3.

[SwitchA-Vlan-interface2] local-proxy-arp enable

From Host A, ping Host B. The ping operation is successful after the configuration.

Local proxy ARP configuration example in isolate-user-VLAN

Network requirements

As shown in Figure 10, Switch B is attached to Switch A. VLAN 5 on Switch B is an isolate-user-VLAN, which includes uplink port Ethernet 1/0/2 and two secondary VLANs, VLAN 2 and VLAN 3. Ethernet 1/0/3 belongs to VLAN 2, and Ethernet 1/0/1 belongs to VLAN 3.

Host A belong s to VLAN 2 and connects to Ethernet 1/0/3 of Switch B. Host B belongs to VLAN 3 and connects to Ethernet 1/0/1 of Switch B.

As Host A and Host B belong to different secondary VLANs, they are isolated at Layer 2. Configure local proxy ARP on Switch A to implement Layer 3 communication between Host A and Host B.

Figure 10 Network diagram

192.168.10.100/16

Host A

192.168.10.99/16

Eth1/0/2

VLAN 5

Vlan-int5

Eth1/0/3

VLAN 2

Switch A

Eth1/0/2 VLAN 5

Switch B

Eth1/0/1

VLAN 3

Isolate-user-vlan 5

Secondary VLAN 2 and 3

Host B

192.168.10.200/16

Configuration procedure

1. Configure Switch B:

# Create VLAN 2, VLAN 3, and VLAN 5 on Switch B. Add Ethernet 1/0/3 to VLAN 2, Ethernet 1/0/1 to VLAN 3, and Ethernet 1/0/2 to VLAN 5. Configure VLAN 5 as the isolate-user-VLAN,

and VLAN 2 and VLAN 3 as secondary VLANs. Configure the mappings between isolate-user-VLAN and the secondary VLANs.

<SwitchB> system-view [SwitchB] vlan 2 [SwitchB-vlan2] port Ethernet 1/0/3 [SwitchB-vlan2] quit [SwitchB] vlan 3 [SwitchB-vlan3] port Ethernet 1/0/1 [SwitchB-vlan3] quit [SwitchB] vlan 5 [SwitchB-vlan5] port Ethernet 1/0/2 [SwitchB-vlan5] isolate-user-vlan enable [SwitchB-vlan5] quit [SwitchB] interface Ethernet 1/0/2 [SwitchB-Ethernet1/0/2] port isolate-user-vlan 5 promiscuous [SwitchB-Ethernet1/0/2] quit [SwitchB] interface Ethernet 1/0/1 [SwitchB-Ethernet1/0/1] port isolate-user-vlan host [SwitchB-Ethernet1/0/1] quit [SwitchB] interface Ethernet 1/0/3 [SwitchB-Ethernet1/0/3] port isolate-user-vlan host [SwitchB-Ethernet1/0/3] quit [SwitchB] isolate-user-vlan 5 secondary 2 3

2. Configure Switch A: # Create VLAN 5 and add Ethernet 1/0/2 to it.

<SwitchA> system-view [SwitchA] vlan 5 [SwitchA-vlan5] port Ethernet 1/0/2 [SwitchA-vlan5] quit [SwitchA] interface vlan-interface 5 [SwitchA-Vlan-interface5] ip address 192.168.10.100 255.255.0.0

From Host A, ping Host B. The ping operation is unsuccessful because they are isolated at Layer 2.

# Configure local proxy ARP to implement Layer 3 communication between Host A and Host B.

[SwitchA-Vlan-interface5] local-proxy-arp enable

From Host A, ping Host B. The ping operation is successful after the configuration.

Configuring ARP snooping

Overview

The ARP snooping feature is used in Layer 2 switching networks. It creates ARP snooping entries using ARP packets, and the entries can be used by manual-mode MFF to answer ARP reque sts from a gateway. For more information about MFF, see Security Configuration Guide.

If ARP snooping is enabled on a VLAN of a device, ARP packets received by the interfaces of the VLAN are redirected to the CPU. The CPU uses ARP packets to create ARP snooping entries comprising source IP and MAC addresses, VLAN and receiving port information.

The aging time and valid period of an ARP snooping entry are 25 minutes and 15 minutes, respectively. If an ARP snooping entry is not updated within 15 minutes, it becomes invalid and cannot be used. After that, if an ARP packet whose source IP and MAC addresses correspond with the entry is received, the entry becomes valid, and its age timer restarts. If the age timer of an ARP entry expires, the entry is removed.

If the ARP snooping device receives an ARP packet that has the same sender IP address as but a different sender MAC address from a vali d ARP snooping entry , it considers that an attack occurs. An ARP snooping entry conflict occurs in this case. As a result, the ARP snooping entry becomes invalid and is removed after 25 minutes.

Configuration procedure

To enable ARP snooping fo r a VLAN:

Step Command Remarks

1. Enter system view.

2. Enter VLAN view.

3. Enable ARP snooping.

system-view

vlan

vlan-id

arp-snooping enable

N/A N/A Disabled by default

Displaying and maintaining ARP snooping

Task Command Remarks

Display ARP snooping entries.

Remove ARP snooping entries.

display arp-snooping [ ip vlan

vlan-id ] [ | {

include

} regular-expression ]

reset arp-snooping [ ip

vlan-id ]

begin

ip-address |

exclude

ip-address |

vlan

Available in any view

Available in user view

Configuring IP addressing

This chapter describes IP addressing basic and manual IP address assignment for interfaces. Dynamic IP address assignment (BOOTP and DHCP) are beyond the scope of this chapter.

The term "interface" in this chapter collectively refers to VLAN interfaces.

Overview

This section describes the IP addressing basics. IP addressing uses a 32-bit address to identify each host on a network. To make addresses easier to

read, they are written in dotted decimal notation, each address being four octets in length. For example, address 00001010000000010000000100000001 in binary is written as 10.1.1.1.

IP address classes

Each IP address breaks down into two parts:

• Net ID—Identifies a network. The first several bits of a net ID, known as the class field or class bits, identify the class of the IP address.

• Host ID—Identifies a host on a network.

IP addresses are divided into five classes, shown in Figure 11. The shaded areas represent the address class. The first three classes are widely used.

Figure 11 IP address classes

Table 1 IP address classes and ranges

Class Address range Remarks

The IP address 0.0.0.0 is used by a host at startup for temporary communication. This address is never a valid

A 0.0.0.0 to 127.255.255.255

B 128.0.0.0 to 191.255.255.255 N/A

destination address. Addresses starting with 127 are reserved for loopback test.

Packets destined to these addresses are processed locally as input packets rather than sent to the link.

C 192.0.0.0 to 223.255.255.255 N/A D 224.0.0.0 to 239.255.255.255 Multicast addresses.

E 240.0.0.0 to 255.255.255.255

Reserved for future use except for the broadcast address

255.255.255.255.

Special IP addresses

The following IP addresses are for special use and cannot be used as ho st IP addresses.

• IP address with an all-zero net ID—Identifies a host on the local network. For example, IP address 0.0.0.16 indicates the host with a host ID of 16 on the local network.

• IP address with an all-zero host ID—Identifies a network.

• IP address with an all-one host ID—Identifies a directed broadcast address. For example, a

packet with the destination address of 192.168.1.255 will be broadcast to all the hosts on the network 192.168.1.0.

Subnetting and masking

Subnetting divides a network down into smaller networks called subnets by using some bits of the host ID to create a subnet ID.

Masking identifies the boundary between the host ID and the combination of net ID and subnet ID. (When subnetting is not adopted, a mask identifies the boundary between the net ID and the host ID.)

Each subnet mask is made up of 32 bits that correspond to the bits in an IP address. In a subnet mask, consecutive ones represent the net ID and subnet ID, and consecutive zeros represent the host ID.

Before being subnetted, Class A, B, and C networks use the following default masks (also called natural masks): 255.0.0.0, 255.255.0.0, and 255.255.255.0 respectively.

Figure 12 shows how a Class B network is subnetted.

Figure 12 Subnetting a Class B network

Subnetting increases the number of addresses that cannot be assigned to hosts. After being subnetted, a network can accommodate fewer hosts.

For example, a Class B network without subnetting can accommodate 1022 more hosts than the same network subnetted into 512 subnets.

• Without subnetting—65,534 hosts (2 address, which has an all-one host ID, and the netwo rk address, which has an all-zero host I D.)

• With subnetting—Using the first 9 bits of the host-id for subnetting provides 512 (2 However, only 7 bits remain available for the host ID. This allows 126 (2 subnet, a total of 64,512 hosts (512 × 126).

– 2). (The two deducted addresses are the broadcast

– 2) hosts in each

) subnets.

Assigning an IP address to an interface

You can assign an interface one primary address and multiple secondary addresses. Generally, you only need to assign the primary address to an interface. In some cases, you need to

assign secondary IP addresses to the interface. For example, if the interface connects to two subnets, to enable the device to communicate with all hosts on the LAN, you need to assign a primary IP address and a secondary IP address to the interface.

+ 209 hidden pages

HPE 3100 Configuration Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Contents

Configuring ARP

Overview

ARP message format

ARP operation

ARP table

Dynamic ARP entry

Static ARP entry

Configuring a static ARP entry

Configuring the maximum number of dynamic ARP entries for an interface

Setting the aging timer for dynamic ARP entries

Enabling dynamic ARP entry check

Configuring ARP quick update

Configuring multicast ARP

Displaying and maintaining ARP

ARP configuration examples

Static ARP entry configuration example

Network requirements

Configuration procedure

Multicast ARP configuration example

Network requirements

Configuration procedure

Verifying the configuration

Configuring gratuitous ARP

Overview

Gratuitous ARP packet learning

Periodic sending of gratuitous ARP packets

Configuration guidelines

Configuration procedure

Enabling IP conflict notification

Configuring proxy ARP

Overview

Common proxy ARP

Local proxy ARP

Enabling common proxy ARP

Enabling local proxy ARP

Displaying and maintaining proxy ARP

Proxy ARP configuration examples

Common proxy ARP configuration example

Network requirements

Configuration procedure

Local proxy ARP configuration example in case of port isolation

Network requirements

Configuration procedure

Local proxy ARP configuration example in isolate-user-VLAN

Network requirements

Configuration procedure

Configuring ARP snooping

Overview

Configuration procedure

Displaying and maintaining ARP snooping

Configuring IP addressing

Overview

IP address classes

Special IP addresses

Subnetting and masking

Assigning an IP address to an interface