Configure ARP entry update upon MAC address change on S series switch


Principles of ARP entry update upon MAC address change on S series switches (except S1700):
Every device on a network has an IP address, which is used to communicate with other devices.
On an Ethernet, hosts, switches, or routers send and receive Ethernet data frames based on MAC addresses.
ARP provides mappings between IP addresses and MAC addresses. When devices on different network segments communicate, ARP entries must be used to map IP addresses to correct MAC addresses and outbound interfaces.

If you change the location of a host to connect the host to another interface of a switch, the host's MAC address will be learned on this interface and the outbound interface corresponding to the MAC address will change. However, the outbound interface in the ARP entry will be updated only after the aging time expires. Before the aging time expires, the switch will use the incorrect ARP entry for communication.

After the mac-address update arp command is configured in the system view, the outbound interface in an ARP entry can be updated based on the outbound interface in a MAC address entry.

1. This command is valid only for dynamic ARP entries instead of static ARP entries.
2. The mac-address update arp command will not take effect after the arp anti-attack entry-check enable command is executed to configure fixed ARP.
3. After ARP entry update upon MAC address change is enabled, an ARP entry is updated only when the outbound interface in the corresponding MAC address entry changes.
4. Configuring ARP entry update upon MAC address change will cause the gratuitous ARP packet discarding function to become ineffective.
5. S series switches running versions earlier than V100R006C00 do not support ARP entry update upon MAC address change.

Other related questions:
How to check ARP and MAC address entries on S series switches
For S series switches (except the S1700), you can run the display mac-address command to check MAC address entries and run the display arp command to check ARP entries.

How does an S series switch process ARP and MAC address entries when the STP topology changes
When the STP topology changes, an S series switch (except the S1700) processes ARP and MAC address entries as follows:
1. By default, all ports enter the Discarding state after STP is enabled. When the STP topology changes, dynamic ARP entries and MAC addresses on all ports are deleted.
2. When a port enters the Discarding state during normal running of the system, dynamic ARP and MAC address entries on the port are deleted. In addition, the device sends a TC packet to the upstream device, requesting it to delete the dynamic ARP and MAC address entries. When the root node receives the TC packet, the topology of the entire network converges.

Configurations that affect ARP entry updating on S series switches
S series switches (except S1700 switches) use ARP messages to dynamically learn and update dynamic ARP entries, which can be overwritten by static ARP entries. Dynamic ARP entries have an aging mechanism. When a dynamic ARP entry expires, the device sends aging detection packets to the corresponding host. If the device receives a response from the host within the specified number of detection times, the ARP entry is updated. If not, the ARP entry is deleted. In addition to aging parameters of dynamic ARP entries, some configurations on the device may affect the aging and updating of dynamic ARP entries. The following lists some common factors.

MAC address-triggered ARP update (not supported by S1720, S2720, S275x, or S5700LI fixed switches)
By default, the aging time of MAC address entries is 5 minutes, and the aging time of ARP entries is 20 minutes. In certain scenarios, MAC entries are updated, but the ARP entries are not updated accordingly, affecting user services. If this occurs, run the mac-address update arp command to enable the MAC address-triggered ARP update function. After the configuration, when the outbound interfaces in MAC address entries change, the outbound interfaces in ARP entries are updated, so that user services will not be interrupted.

Spanning Tree Protocol (STP)
By default, when the device receives a Topology Change (TC) packet of STP, it ages or deletes the corresponding ARP entry. If the STP convergence mode is fast, the device deletes the corresponding ARP entry when receiving a TC packet. If the STP convergence mode is normal, the device rapidly ages the corresponding ARP entry when receiving a TC packet, that is, the device sets the remaining lifetime of the ARP entry to 0. If the number of detection times for aging out the ARP entry is greater than 0, the device carries out aging detection of the ARP entry.
If STP is deployed for a network, you are advised to configure the device interface directly connected to user terminals (such as hosts) as an edge port and enable the Bridge Protocol Data Unit (BPDU) protection function. If not, when a large number of TC packets are generated, the convergence speed of the STP network topology will be reduced, and the updating and maintenance of ARP entries will be affected, which will have an impact on user services. To prevent the device from aging or deleting ARP entries when receiving TC packets, run the arp topology-change disable command to disable the TC packet response function. You are advised to enable the MAC address-triggered ARP update function at the same time.

Strict ARP learning
After strict ARP learning is enabled, the device learns only the ARP Reply packets in response to the ARP Request packets sent by itself.

ARP-CPCAR
By default, each type of protocol packets has a default CPCAR value. The CPCAR values of some types of protocol packets need to be adjusted based on service specifications and users' network environments. When a lot of users connect to the device but the CPCAR values of the ARP Request packets and ARP Reply packets are small, ARP packets can be lost. (To check whether ARP packets are lost, run the display cpu-defend statistics all command.) This will affect ARP entry learning and updating. In this case, you can adjust the CPCAR values of ARP packets to proper values. Improper CPCAR settings will affect services on your network. It is recommended that you contact Huawei engineers before adjusting the CPCAR settings.

When ARP attacks occur, the learning and updating of dynamic ARP entries will also be affected. In this case, you are advised to find out the attack source and configure appropriate attack defense functions.

Failed to update ARP entries on S series switch
If the VLAN IDs, MAC addresses, and interface information in ARP entries on an S series switch cannot be updated, check whether ARP attack defense policies have been configured, for example, arp anti-attack entry-check { fixed-mac | fixed-all | send-ack } enable.
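
The command interactions described on this page can be checked offline against a saved configuration. The following Python audit is an added example, not Huawei tooling or code from the original page: it flags fixed ARP blocking mac-address update arp, gratuitous ARP discarding being made ineffective, and arp topology-change disable set without the update function. The sample configuration is constructed, and the gratuitous ARP discarding command name (arp anti-attack gratuitous-arp drop) is an assumption that does not appear on this page.

```python
import re

# Constructed sample of a saved switch configuration (not from a real device).
SAMPLE_CONFIG = """\
sysname Access-SW1
mac-address update arp
arp anti-attack entry-check fixed-mac enable
arp anti-attack gratuitous-arp drop
arp topology-change disable
"""

UPDATE = "mac-address update arp"
TC_DISABLE = "arp topology-change disable"
# Assumption: command name for gratuitous ARP packet discarding (not on this page).
GARP_DROP = "arp anti-attack gratuitous-arp drop"
ENTRY_CHECK = re.compile(
    r"^arp anti-attack entry-check (fixed-mac|fixed-all|send-ack) enable$")


def audit_arp_update(config_text):
    """Return (code, message) findings for settings that interact with ARP update."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    update_on = UPDATE in lines
    fixed = [m.group(1) for ln in lines if (m := ENTRY_CHECK.match(ln))]
    findings = []
    if update_on and fixed:
        # Fixed ARP takes precedence: the MAC-triggered update does not take effect.
        findings.append(("UPDATE_BLOCKED",
                         f"fixed ARP ({fixed[0]}) is on, so '{UPDATE}' has no effect"))
    elif fixed:
        findings.append(("FIXED_ARP",
                         f"fixed ARP ({fixed[0]}) can stop ARP entries from updating"))
    if update_on and GARP_DROP in lines:
        # Enabling the update function silently weakens this defense.
        findings.append(("GARP_DROP_INEFFECTIVE",
                         f"'{UPDATE}' makes gratuitous ARP discarding ineffective"))
    if TC_DISABLE in lines and not update_on:
        # The page advises enabling both functions together.
        findings.append(("TC_WITHOUT_UPDATE",
                         f"'{TC_DISABLE}' is set but '{UPDATE}' is not"))
    return findings


if __name__ == "__main__":
    for code, message in audit_arp_update(SAMPLE_CONFIG):
        print(f"{code}: {message}")
```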

Do CE series switches support ARP entry update upon a MAC address change
All models of CE switches in V100R003C10 and later versions support ARP entry update upon MAC address changes.
