Delete ARP entries on S series switch

65

On an S series switch, except S1700, run the reset arp { all | dynamic [ ip ip-address [ vpn-instance vpn-instance-name ] ] | interface interface-type interface-number [ ip ip-address ] | static } command in the user view to delete ARP entries. The parameters are as follows:
all: deletes all ARP entries.
dynamic: deletes dynamic ARP entries.
static: deletes static ARP entries.
interface: deletes ARP entries on the specified interface.
ip-address: deletes ARP entries of the specified IP address.
vpn-instance: deletes ARP entries in the specified VPN instance.

Run the undo arp static ip-address mac-address [ vpn-instance vpn-instance-name | [ vid vlan-id [ cevid ce-vid ] ] interface interface-type interface-number[.subinterface-number ] ] or undo arp static ip-address [ vpn-instance vpn-instance-name | vid vlan-id [ cevid ce-vid ] interface interface-type interface-number[.subinterface-number ] ] command in the system view to delete ARP entries.

Other related questions:
Delete ARP entries on S series switch
On an S series switch, except S1700, run the reset arp { all | dynamic [ ip ip-address [ vpn-instance vpn-instance-name ] ] | interface interface-type interface-number [ ip ip-address ] | static } command in the user view to delete ARP entries. The parameters are as follows: all: deletes all ARP entries. dynamic: deletes dynamic ARP entries. static: deletes static ARP entries. interface: deletes ARP entries on the specified interface. ip-address: deletes ARP entries of the specified IP address. vpn-instance: deletes ARP entries in the specified VPN instance. Run the undo arp static ip-address mac-address [ vpn-instance vpn-instance-name | [ vid vlan-id [ cevid ce-vid ] ] interface interface-type interface-number[.subinterface-number ] ] or undo arp static ip-address [ vpn-instance vpn-instance-name | vid vlan-id [ cevid ce-vid ] interface interface-type interface-number[.subinterface-number ] ] command in the system view to delete ARP entries.

View ARP entries on S series switches
If an S series switch (except the S1700 switch�? works at Layer 2, you can only view the MAC addresses of devices connected to an interface, not the IP addresses. You can run the display mac-address command. The command output is as follows: MAC address table of slot 0: MAC Address VLAN/ PEVLAN CEVLAN Port Type LSP/LSR-ID VSI/SI MAC-Tunnel 5489-980d-4ef6 1 - - GE0/0/1 dynamic 0/- 5489-98c2-19e3 20 - - GE0/0/2 dynamic 0/- Total matching items on slot 0 displayed = 2 ——————————————————————————————————————�?If an S series switch (except the S1700 switch�? works at Layer 3, you can run the display arp [ all ] command to view ARP entries including mappings between IP addresses and MAC addresses. In addition, you can find the outbound interfaces toward the devices based on the mappings. The command output is as follows: IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN/CEVLAN 10.137.217.202 00e0-0987-7890 I - Eth0/0/0 10.137.216.1 0000-5e00-0149 20 D-0 Eth0/0/0 Total:2 Dynamic:1 Static:0 Interface:1 ———————————————————————————————————————�?With known MAC addresses or IP addresses, you can obtain outbound interfaces and mappings between IP addresses and MAC addresses of specific devices based on the MAC table or ARP table on the switch. In the preceding output, if the MAC ADDRESS field is Incomplete, the ARP entry is temporary. When an IP packet triggers an ARP Miss message, the switch generates a temporary ARP entry and sends ARP Request packets to the destination network segment. The following situations may occur before the temporary ARP entry ages: Before receiving an ARP Reply packet, the switch discards IP packets matching the temporary ARP. No ARP Miss message will be triggered. After receiving the ARP Reply packet, the switch generates a correct ARP entry to replace the temporary ARP entry. When the temporary ARP entry expires, the switch deletes it.

Aged ARP entry display on S series switches
On S series switches (except S1700 switches), aged ARP entries cannot be displayed. You can only view the current ARP table.

Aging time of ARP entries on S series switches
For S series switches (except S1700 switches),
the default aging time of dynamic ARP entries is 1200s (20 minutes). You can run the arp expire-time  expire-time command in the system view or an interface view to configure the aging time of dynamic ARP entries. Configure the second expire-time variable as the target aging time of dynamic ARP entries.
Static ARP entries do not age.

How to configure ARP entry restriction on S and E series switches
For S and E series switches (except S1700 switches): To prevent ARP entries from being exhausted by ARP attacks from a host connecting to an interface on the device, set the maximum number of ARP entries that the interface can dynamically learn. When the number of the ARP entries learned by a specified interface reaches the maximum number, no dynamic ARP entry can be added. # Configure that VLANIF 10 can dynamically learn a maximum of 20 ARP entries. [HUAWEI] vlan batch 10 [HUAWEI] interface vlanif 10 [HUAWEI-Vlanif10] arp-limit maximum 20 # Configure that Layer 2 interface GE0/0/1 can dynamically learn a maximum of 20 ARP entries from VLAN 10. [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] arp-limit vlan 10 maximum 20 # Configure that Layer 3 interface GE0/0/1 can dynamically learn a maximum of 20 ARP entries. [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] undo portswitch [HUAWEI-GigabitEthernet0/0/1] arp-limit maximum 20 The interfaces on some switch models cannot switch between Layer 2 and Layer 3 modes through the undo portswitch command.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top