How do I configure static ARP binding on an AR

45

Static ARP entries are manually configured and maintained. They cannot be aged and overridden by dynamic ARP entries. If a static ARP entry is configured on an AR, the AR can communicate with the remote device using only the specified MAC address. Network attackers cannot modify the mapping between the IP and MAC addresses using ARP packets, ensuring communication between the two devices. The methods used to configure static ARP entries are as follows.
- Command lines:
For a Layer 3 physical interface and a Layer 3 Eth-Trunk, run the following command to configure a static ARP entry in which the IP address is 1.1.1.1 and the MAC address is 0000-1111-1111:
[Huawei] arp static 1.1.1.1 0000-1111-1111
For a Dot1q termination sub-interface, run the following command to configure a static ARP entry in which the IP address is 2.1.1.1, MAC address is 0edc-15e5-f7e4, outbound interface is GE1/0/0.1, and VLAN ID is 20:
[Huawei] interface gigabitethernet 1/0/0.1
[Huawei-GigabitEthernet1/0/0.1] control-vid 100 dot1q-termination //You do no run this command in V2R2C01 and later versions.
[Huawei-GigabitEthernet1/0/0.1] dot1q termination vid 20
[Huawei-GigabitEthernet1/0/0.1] ip address 2.1.1.2 24[Huawei-GigabitEthernet1/0/0.1] quit
[Huawei] arp static 2.1.1.1 0edc-15e5-f7e4 vid 20 interface gigabitethernet1/0/0.1
For a QinQ termination sub-interface, run the following command to configure a static ARP entry in which the IP address is 2.1.1.1, MAC address is 0edc-15e5-f7e4, outbound interface is GE1/0/0.1, and VLAN ID is 20:
[Huawei] interface gigabitethernet 1/0/0.1
[Huawei-GigabitEthernet1/0/0.1] control-vid 100 qinq-termination //You do no run this command in V2R2C01 and later versions.
[Huawei-GigabitEthernet1/0/0.1] qinq termination pe-vid 10 ce-vid 20
[Huawei-GigabitEthernet1/0/0.1] ip address 2.1.1.2 24[Huawei-GigabitEthernet1/0/0.1] quit
[Huawei] arp static 2.1.1.1 0edc-15e5-f7e4 vid 10 cevid 20 interface gigabitethernet1/0/0.1

Other related questions:
How is static binding configured on an AR
Static DHCP binding allows the AR to allocate fixed IP addresses to user terminals with fixed MAC addresses. The AR needs to allocate the fixed IP address to the client with the MAC address of dcd2-fc96-e4c0. The configuration method is as follows: - Based on the global address pool: [Huawei] ip pool 1 //Address segments have been configured in the address pool. [Huawei-ip-pool-1] static-bind ip-address 10.10.10.10 mac-address dcd2-fc96-e4c0 - Based on the interface address pool: [Huawei] interface vlanif 10 //An IP address has been assigned to the interface. [Huawei-Vlanif10] dhcp server static-bind ip-address 10.10.10.10 mac-address dcd2-fc96-e4c0 The configured IP address cannot be the IP address that has been assigned. If the system displays a message indicating that the IP address has been assigned, run the reset ip pool { interface pool-name | name ip-pool-name } { start-ip-address [ end-ip-address ] | all | conflict | expired | used } command in the user view to manually reclaim IP addresses in the address pool.

Method used to configure static ARP binding on USG firewalls
The command used to configure static ARP binding on the USG2000, USG5000, and USG6000 is as follows: In a static ARP entry, the IP address is 10.10.10.1/24, and the corresponding MAC address is 0025-1185-8C21. system-view [USG] arp static 10.10.10.1 0025-1185-8C21

How Do I configure proxy ARP on an AR
An AR router supports routed proxy ARP, intra-VLAN proxy ARP, and inter-VLAN proxy ARP. - Routed proxy ARP Routed proxy ARP allows hosts on the same network segment across different physical networks to communicate. The configuration is as follows: [Huawei] interface ethernet2/0/0 [Huawei-Ethernet2/0/0] arp-proxy enable - Intra-VLAN proxy ARP Intra-VLAN proxy ARP allows hosts on the same network segment and VLAN where isolation is configured to communicate. The configuration is as follows: [Huawei] interface vlanif 10 [Huawei-Vlanif10] arp-proxy inner-sub-vlan-proxy enable - Inter-VLAN proxy ARP Inter-VLAN proxy ARP allows hosts on the same network segment but different VLANs to communicate . The configuration is as follows: [Huawei] interface vlanif 10 [Huawei-Vlanif10] arp-proxy inter-sub-vlan-proxy enable

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top