Static ARP configuration on S series switch

0

On an S series switch, except S1700, run the arp static command in the system view to configure a static ARP entry.
When the outbound interface is an Ethernet interface, run the arp static ip-address mac-address interface interface-type interface-number command to configure a static ARP entry.
When a VPN instance needs to be specified for the ARP entry, run the arp static ip-address mac-address vpn-instance vpn-instance-name command.
To configure a short ARP entry (only contains IP address and MAC address mapping, without VLAN or outbound interface), run the arp static ip-address mac-address command.
To configure a static ARP entry in which the IP address is 10.1.1.1, MAC address is 0efc-0505-86e3, VLAN ID is 10, and outbound interface is GE1/0/1, run:
[HUAWEI] arp static 10.1.1.1 0efc-0505-86e3 vid 10 interface gigabitethernet 1/0/1
- To configure a static ARP entry in which the IP address is 10.1.1.1, MAC address is 0efc-0505-86e3, and VPN instance is vpn1, run:
[HUAWEI] ip vpn-instance vpn1
[HUAWEI-vpn-instance-vpn1] ipv4-family
[HUAWEI-vpn-instance-vpn1-af-ipv4] quit
[HUAWEI-vpn-instance-vpn1] quit
[HUAWEI] arp static 10.1.1.1 0efc-0505-86e3 vpn-instance vpn1

Other related questions:
Static ARP support on S series switches
S series switches (except S1700 switches) support static ARP entries.

Proxy ARP configuration on S series switch
An S series switch, except S1700, supports the following proxy ARP: routed proxy ARP, intra-VLAN proxy ARP, and inter-VLAN proxy ARP, which are configured using the arp-proxy enable, arp-proxy inner-sub-vlan-proxy enable, and arp-proxy inter-sub-vlan-proxy enable commands respectively. Routed proxy ARP (available on all models in V2R5 and later versions, but unavailable on S275x and S5700LI in the versions earlier than V2R5) The destination IP address in the received ARP request packet and the IP address of the inbound interface are in different subnets, but there is a route to the destination IP address and the outbound/inbound interfaces of the route are different. Routed proxy ARP takes effect in this situation. The switch uses its MAC address as the source MAC address to return ARP reply packets. Intra-VLAN proxy ARP (available on all models in V2R5 and later versions, but unavailable on S275x and S5700LI in the versions earlier than V2R5) If the destination IP address of the received ARP request packet and the IP address of the inbound interface are in the same subnet, intra-VLAN proxy ARP takes effect. Inter-VLAN proxy ARP (unavailable on S1720, S2720, S275x, S5700LI and E series switches) It is similar to intra-VLAN proxy ARP. Inter-VLAN proxy ARP takes effect only on super VLAN. If the destination IP address of the received ARP request packet and the IP address of the inbound interface are in the same subnet, inter-VLAN proxy ARP takes effect. If the source and destination are in the same VLAN, inter-VLAN proxy ARP is not required. Regardless of which type of proxy ARP is used, the destination IP address of the received ARP request packet and the IP address of the inbound interface must be in the same subnet.

Three methods of IP + MAC binding on S series switch
The S series switches, except S1700, support three IP and MAC address binding methods: IPSG, static ARP binding, and static DHCP binding. They are applicable to different scenarios. Details are as follows: Scenario 1: To prevent clients from changing their IP addresses without permission, configure IPSG. Description: Configure a global binding table to bind IP addresses, MAC addresses, interfaces, and VLANs. Enable IPSG on the interfaces or VLANs. When the IP packets from a PC reach an IPSG-enabled interface or VLAN, the switch matches the packets against binding table. If the packets match an entry, the packets are forwarded; otherwise, the packets are discarded. Scenario 2: To prevent ARP spoofing (ARP entries on the switch are modified by fake ARP packets), configure static ARP entries. Description: Static ARP entries are manually configured and maintained. They will not be aged out or overridden by dynamic ARP entries. Static ARP entries ensure communication between the local device and a specified device by using a specified MAC address so that attackers cannot modify mappings between IP addresses and MAC addresses in static ARP entries. Scenario 3: To assign fixed IP addresses to certain users, configure static DHCP binding. Description: If some special clients such as the Web server need fixed IP addresses, bind fixed IP addresses to MAC addresses of these clients. When receiving a request for applying for an IP address from a special client, a DHCP server assigns the fixed IP address bound to the client's MAC address to this client.(The DHCP server preferentially assigns the IP addresses bound to MAC addresses to clients.)

Configure basic ARP functions on S series switches
On S series switches (except S1700 switches), you can run the display arp all command to display ARP entries.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top