Why can't an S series switch learn ARP entries after Layer 3 forwarding is enabled on the switch's sub-interfaces?


Q: Why can't a switch learn ARP entries when connected to other devices after Layer 3 forwarding is enabled on the switch's sub-interfaces?
A: In V100R002 and later versions, sub-interfaces of S series switches do not respond to ARP requests by default when Layer 3 forwarding is enabled on the sub-interfaces. The sub-interfaces respond to ARP requests only after the arp-proxy enable command is executed.

Other related questions:
Reasons why an S series switch cannot learn ARP entries
When an S series switch (except the S1700) works at Layer 2, the switch does not have ARP entries and cannot learn ARP entries. When an S series switch (except the S1700) works at Layer 3 and cannot learn ARP entries, rectify the fault as follows:
(1) Possible cause: The link between the switch and the connected device has failed.
    Solution: Perform ping operations to check whether the link has failed. If so, rectify the link failure.
(2) Possible cause: ARP strict learning is enabled on the switch. (After this function is enabled, the switch learns only from ARP reply packets sent in response to ARP request packets that it sent itself.)
    Solution: Run the undo arp learning strict command in the system or interface view to disable ARP strict learning.
(3) Possible cause: The switch has too many ARP entries and may be under an ARP attack.
    Solution: Configure static ARP entries for key servers or users and enable attack defense policies.
Note:
(1) By default, ARP strict learning is enabled on some fixed switch models and disabled on modular switches. When a fixed switch connected to a modular switch receives a gratuitous ARP packet, the fixed switch does not learn ARP entries. Therefore, some fixed switches cannot learn ARP entries.
(2) After ARP strict learning is enabled on a switch, the switch actively sends ARP request packets to hosts. Some PCs with wireless network adapters installed do not respond to ARP requests, so the switch cannot learn the ARP entries of the connected PCs. The PCs respond only after the network adapters are restarted. In this situation, disable ARP strict learning.

Strict ARP learning is enabled on S series switches, and the user has learned the switch's ARP entry. Why can't the switch learn the user's ARP entry by pinging the user?
For S series switches: After strict ARP learning is enabled, the switch learns ARP entries only from ARP Reply packets sent in response to locally originated ARP Request packets. The firewall installed on the PC may prevent the PC from sending ARP Reply packets when it receives ARP Request packets, or the NIC on the computer cannot return ARP Reply packets. In this case, the switch cannot receive ARP Reply packets, regardless of whether the switch sends ping packets to the user or the user sends data packets to the switch to trigger ARP Miss messages. Therefore, the switch cannot learn the user's ARP entry. If this problem occurs on only a few users, configure static ARP entries for those users; if the problem occurs on most users, disable strict ARP learning on the switch.

Why is no Layer 3 multicast forwarding entry generated on S series switches after users order multicast programs?
The possible causes are as follows:
- No RP is configured on the PIM-SM network. In this case, configure a static or dynamic RP.
- The route to the multicast source or RP is unreachable. In this case, configure a unicast routing protocol to enable the switch to learn the routes to the multicast source or RP.

In which situation can ARP entries be learned after strict ARP learning is enabled?
If strict ARP learning is enabled, a device does not learn the ARP entry for the source IP address when it receives an ARP request packet. The device updates the ARP entry matching the source IP address of a packet only when all of the following hold: the packet is an ARP reply packet, the destination IP address of the ARP reply packet is the device address, and there is an ARP entry, temporary ARP entry, or actual ARP entry matching the source IP address. To learn an entry, the device must therefore send an ARP request packet to the source end itself. After receiving the ARP reply packet, the device learns the ARP entry matching the source end.
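The learning rule described above, modeled as an added Python example (not Huawei code and not part of the original page). The class names, function names and packets are constructed for illustration, and learning with strict mode off is simplified to "learn from every received ARP packet".

```python
from dataclasses import dataclass, field

@dataclass
class Arp:
    op: str          # "request" or "reply"
    src_ip: str
    src_mac: str
    dst_ip: str

@dataclass
class ArpTable:
    own_ip: str
    strict: bool
    entries: dict = field(default_factory=dict)  # learned ip -> mac
    pending: set = field(default_factory=set)    # temporary entries: requests we sent

    def send_request(self, ip):
        """The device originates an ARP request, which creates a temporary entry."""
        self.pending.add(ip)

    def receive(self, pkt):
        """Apply the learning rule; return True if an entry was learned or updated."""
        if self.strict:
            matched = pkt.src_ip in self.pending or pkt.src_ip in self.entries
            if not (pkt.op == "reply" and pkt.dst_ip == self.own_ip and matched):
                return False
        # Simplification (assumption): with strict learning off, any ARP packet is learned.
        self.pending.discard(pkt.src_ip)
        self.entries[pkt.src_ip] = pkt.src_mac
        return True

def run_scenario(strict):
    """Feed constructed packets to a device at 10.0.0.1 and record what it learns."""
    sw, host, mac = ArpTable("10.0.0.1", strict), "10.0.0.20", "00:11:22:33:44:55"
    learned = [
        sw.receive(Arp("request", host, mac, sw.own_ip)),  # host asks for the device
        sw.receive(Arp("request", host, mac, host)),       # gratuitous ARP
        sw.receive(Arp("reply", host, mac, sw.own_ip)),    # reply the device never asked for
    ]
    sw.send_request(host)                                  # device originates a request
    learned.append(sw.receive(Arp("reply", host, mac, sw.own_ip)))  # solicited reply
    return learned, dict(sw.entries)

if __name__ == "__main__":
    print(run_scenario(strict=True))   # only the solicited reply is learned
    print(run_scenario(strict=False))  # every packet is learned
```

A host that never answers the device's request leaves only the temporary entry behind, which is the case where a static ARP entry is needed.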

How to configure strict ARP entry learning on S series switches
For S series switches (except S1700 switches), enabling strict ARP entry learning allows the switch to learn ARP entries only from ARP Reply packets sent in response to ARP Request packets sent by itself. Enabling strict ARP entry learning on the switch affects only ARP entry learning on the switch, not on the hosts.
# Enable strict ARP entry learning on VLANIF 100.
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] arp learning strict force-enable
# Enable strict ARP entry learning globally on the switch and enable this function on GE1/0/1.
[HUAWEI] arp learning strict
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] undo portswitch
[HUAWEI-GigabitEthernet0/0/1] arp learning strict force-disable
The physical interfaces on some switch models cannot switch between Layer 2 and Layer 3 modes through the undo portswitch command.
