Configuring ARP Automatic Scanning and Fixed ARP
ARP automatic scanning and fixed ARP enable a device to generate dynamic ARP entries and convert the dynamic ARP entries to static ARP entries.
Context
To improve communication security, network administrators generally configure static ARP entries on a small-sized LAN. However, if a gateway has multiple users attached, a network administrator has to configure static ARP entries for each user. Current networks use dynamic ARP for communication.
Dynamic ARP helps reduce a network administrator's workload but has its own limitations. Dynamic ARP entries can be overwritten by subsequent ARP entries and are vulnerable to network attacks. Therefore, dynamic ARP cannot provide reliability for network communications.
- After ARP automatic scanning is configured, a device automatically scans all its neighbor devices on a LAN. The device sends ARP request packets to its neighbor devices, obtains the MAC addresses of its neighbor devices, and generates dynamic ARP entries.
- After fixed ARP is configured, the device converts these dynamic ARP entries to static ARP entries.
Procedure
- Access the system view.
system-view
- Access the interface view.
interface interface-type interface-number
Before you configure ARP automatic scanning and fixed ARP, run the display arp all command to check all ARP entries of the device. This allows you to compare the number and types of ARP entries before and after ARP automatic scanning and fixed ARP are configured.<sysname> display arp all
IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN/CEVLAN ------------------------------------------------------------------------------ 192.168.50.207 781d-****-355e I - GE0/0/0 192.168.56.2 781d-****-355e I - Vlanif2 1.1.1.1 781d-****-355e I - Vlanif30 ------------------------------------------------------------------------------ Total:3 Dynamic:0 Static:0 Interface:3 Remote:0 - Configure ARP automatic scanning.
arp scan [ start-ip-address to end-ip-address ]
After you configure ARP automatic scanning and before you configure fixed ARP, run the display arp all command to check all ARP entries of the device. If only the number of ARP entries increases, the ARP automatic scanning configuration takes effect.<sysname> display arp all
IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN/CEVLAN ------------------------------------------------------------------------------ 192.168.50.207 781d-****-355e I - GE0/0/0 192.168.56.2 781d-****-355e I - Vlanif2 1.1.1.1 781d-****-355e I - Vlanif30 1.1.1.2 000b-****-4869 D-1 GE0/0/4 30/- 1.1.1.3 000b-****-4868 D-1 GigabitEthernet 0/0/2 30/- ------------------------------------------------------------------------------ Total:5 Dynamic:2 Static:0 Interface:3 Remote:0 - Configure fixed ARP.
arp fixup
Follow-up Procedure
After the configuration is complete, run the display arp all command to check the configurations of ARP automatic scanning and fixed ARP and compare the number and types of ARP entries before and after ARP automatic scanning and fixed ARP are configured.
<sysname> display arp all
IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE
VLAN/CEVLAN
------------------------------------------------------------------------------
192.168.50.207 781d-****-355e I - GE0/0/0
192.168.56.2 781d-****-355e I - Vlanif2
1.1.1.1 781d-****-355e I - Vlanif30
1.1.1.2 000b-****-4869 S-- GE0/0/4
30/-
1.1.1.3 000b-****-4868 S-- GigabitEthernet 0/0/2
30/-
------------------------------------------------------------------------------
Total:5 Dynamic:0 Static:2 Interface:3 Remote:0