Static ARP support on S series switches

8

S series switches (except S1700 switches) support static ARP entries.

Other related questions:
Static ARP configuration on S series switch
On an S series switch, except S1700, run the arp static command in the system view to configure a static ARP entry. When the outbound interface is an Ethernet interface, run the arp static ip-address mac-address interface interface-type interface-number command to configure a static ARP entry. When a VPN instance needs to be specified for the ARP entry, run the arp static ip-address mac-address vpn-instance vpn-instance-name command. To configure a short ARP entry (only contains IP address and MAC address mapping, without VLAN or outbound interface), run the arp static ip-address mac-address command. To configure a static ARP entry in which the IP address is 10.1.1.1, MAC address is 0efc-0505-86e3, VLAN ID is 10, and outbound interface is GE1/0/1, run: [HUAWEI] arp static 10.1.1.1 0efc-0505-86e3 vid 10 interface gigabitethernet 1/0/1 - To configure a static ARP entry in which the IP address is 10.1.1.1, MAC address is 0efc-0505-86e3, and VPN instance is vpn1, run: [HUAWEI] ip vpn-instance vpn1 [HUAWEI-vpn-instance-vpn1] ipv4-family [HUAWEI-vpn-instance-vpn1-af-ipv4] quit [HUAWEI-vpn-instance-vpn1] quit [HUAWEI] arp static 10.1.1.1 0efc-0505-86e3 vpn-instance vpn1

Proxy ARP support on S series switches
Proxy ARP support on S series switches is as follows: # Routed proxy ARP: In versions earlier than V200R005, this feature is supported by all models except the S275x or S5700LI. In V200R005 and later versions, this feature is supported by all models. # Intra-VLAN proxy ARP: In versions earlier than V200R005, this feature is supported by all models except the S275x or S5700LI. In V200R005 and later versions, this feature is supported by all models. # Inter-VLAN proxy ARP: This feature is supported by all models except S1720, S2720, S275x, and S5700LI of S series fixed switches.

Support of static DHCP binding by S series switches
You can assign fixed IP addresses to clients using static DHCP binding. The support by S series switches excluding the S1700 is as follows: - V200R005 and later versions: All switch models support this function excluding the S2720 in V200R006C10. - Earlier versions of V200R005: All switch models support this function excluding the S5700LI/S5700S-LI/S2750.

Three methods of IP + MAC binding on S series switch
The S series switches, except S1700, support three IP and MAC address binding methods: IPSG, static ARP binding, and static DHCP binding. They are applicable to different scenarios. Details are as follows: Scenario 1: To prevent clients from changing their IP addresses without permission, configure IPSG. Description: Configure a global binding table to bind IP addresses, MAC addresses, interfaces, and VLANs. Enable IPSG on the interfaces or VLANs. When the IP packets from a PC reach an IPSG-enabled interface or VLAN, the switch matches the packets against binding table. If the packets match an entry, the packets are forwarded; otherwise, the packets are discarded. Scenario 2: To prevent ARP spoofing (ARP entries on the switch are modified by fake ARP packets), configure static ARP entries. Description: Static ARP entries are manually configured and maintained. They will not be aged out or overridden by dynamic ARP entries. Static ARP entries ensure communication between the local device and a specified device by using a specified MAC address so that attackers cannot modify mappings between IP addresses and MAC addresses in static ARP entries. Scenario 3: To assign fixed IP addresses to certain users, configure static DHCP binding. Description: If some special clients such as the Web server need fixed IP addresses, bind fixed IP addresses to MAC addresses of these clients. When receiving a request for applying for an IP address from a special client, a DHCP server assigns the fixed IP address bound to the client's MAC address to this client.(The DHCP server preferentially assigns the IP addresses bound to MAC addresses to clients.)

Whether S series switches support IPSG
All S series switches except the following support IPSG: S1700 switches S2700-SI switches W series cards of S7700, S9700, and S1270 switches S9300 of earlier versions than V100R002 For switches that do not support IPSG, you can run the mac-address static vlan command to configure static MAC addresses and run the mac-address learning disable command to disable MAC address learning on interfaces to realize a function similar to IPSG.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top