H3C S9500 Series Operating instructions

H3C S9500 Series Routing Switches

Operation Manual

Hangzhou H3C Technologies Co., Ltd.

http://www.h3c.com

Manual Version: T2-08165E-20081225-C-1.24

Product Version: S9500-CMW310-R1648

No part of this manual may be reproduced or transmitted in any form or by any means

without prior written consent of Hangzhou H3C Technologies Co., Ltd.

Trademarks

H3C, , Aolynk, , H

3

Care,

, TOP G, , IRF, NetPilot,

Neocean, NeoVTL, SecPro, SecPoint, SecEngine, SecPath, Comware, Secware,

Storware, NQA, VVG, V

2

G, V

n

G, PSPT, XGbus, N-Bus, TiGem, InnoVision and

HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd.

All other trademarks that may be mentioned in this manual are the property of their

respective owners.

Notice

The information in this document is subject to change without notice. Every effort has

been made in the preparation of this document to ensure accuracy of the contents, but

all statements, information, and recommendations in this document do not constitute

the warranty of any kind, express or implied.

Technical Support

customer_service@h3c.com

http://www.h3c.com

About This Manual

Organization

H3C S9500 Series Routing Switches Configuration Manual is organized as follows:

Part Contents

00 Product Overview

includes Obtaining the Documentation, Product

Features, and Features.

01 Access Volume

includes Ethernet Port Configuration, POS Port

Configuration, Link Aggregation Configuration, Port

Isolation Configuration, VLAN Configuration, MAC

Address Table Management Configuration, GVRP

Configuration, QinQ Configuration, Ethernet Port

Loopback Detection Configuration, DLDP Configuration,

Ethernet OAM Configuration, Smart Link and Monitor

Link Configuration, MSTP Configuration, BPDU Tunnel

Configuration, HVRP Configuration, RRPP

Configuration and RPR Configuration.

02 IP Services Volume

includes ARP Configuration, IP Address Configuration,

VRRP Configuration, DHCP Configuration, DNS

Configuration, UDP Helper Configuration, NAT

Configuration, IP Performance Configuration and URPF

Configuration.

03 IP Routing Volume

includes IP Routing Protocol Overview, Static Route

Configuration, RIP Configuration, OSPF Configuration,

ISIS Configuration, BGP Configuration, IP Route Policy

Configuration, Route Capacity Configuration and

Recursive Routing Configuration.

04 IP Multicast Volume

includes Multicast Overview, Common Multicast

Configuration, IGMP Snooping Configuration, IGMP

Configuration, PIM Configuration, Multicast VLAN

Configuration, MSDP Configuration and MBGP

Configuration.

05 MPLS VPN Volume

includes MPLS Configuration, MPLS VLL Configuration,

MPLS VPLS Configuration, MPLS L3VPN Configuration,

MPLS OAM Configuration and MPLS Hybrid Insertion

Configuration.

06 QoS ACL Volume includes QoS Configuration and ACL Configuration.

07 Security Volume

includes Protocol Port Security Configuration, 802.1X

Configuration , AAA RADIUS HWTACACS

Configuration ,Password Control Configuration, SSH

Configuration, IDS Linkage Configuration, Portal

Configuration, VBAS Configuration and Traffic

Accounting Configuration.

Part Contents

08 System Volume

includes Command Line Interface Configuration, Login

and User Interface Configuration, FTP and TFTP

Configuration, HA Configuration, NQA Configuration,

NetStream Configuration, NTP Configuration, RMON

Configuration, SNMP Configuration, Packet Statistics

Accounting Configuration, Device Management

Configuration, Configuration File Management

Configuration, File System Management Configuration,

Cluster Management Configuration, System

Maintenance and Debugging Configuration, Information

Center Configuration, PoE Configuration, Clock Module

Configuration, ACSEI Server Configuration and OAP

Module Configuration.

09 Acronyms Offers the acronyms used in this manual.

Conventions

The manual uses the following conventions:

I. Command conventions

Convention Description

Boldface

The keywords of a command line are in Boldface.

italic

Command arguments are in italic.

[ ]

Items (keywords or arguments) in square brackets [ ] are

optional.

{ x | y | ... }

Alternative items are grouped in braces and separated by

vertical bars. One is selected.

[ x | y | ... ]

Optional alternative items are grouped in square brackets

and separated by vertical bars. One or none is selected.

{ x | y | ... } *

Alternative items are grouped in braces and separated by

vertical bars. A minimum of one or a maximum of all can be

selected.

[ x | y | ... ] *

Optional alternative items are grouped in square brackets

and separated by vertical bars. Many or none can be

selected.

&<1-n>

The argument(s) before the ampersand (&) sign can be

entered 1 to n times.

# A line starting with the # sign is comments.

II. GUI conventions

Convention Description

< >

Button names are inside angle brackets. For example, click

<OK>.

[ ]

Window names, menu items, data table and field names

are inside square brackets. For example, pop up the [New

User] window.

/

Multi-level menus are separated by forward slashes. For

example, [File/Create/Folder].

III. Symbols

Convention Description

Warning

Means reader be extremely careful. Improper operation

may cause bodily injury.

Caution

Means reader be careful. Improper operation may cause

data loss or damage to equipment.

 Note

Means a complementary description.

Related Documentation

In addition to this manual, each H3C S9500 Series Routing Switches documentation

set includes the following:

Manual Description

H3C S9500 Series Routing Switches

Installation Manual

It introduces the installation procedure,

commissioning, maintenance and

monitoring of the S9500 series routing

switches.

H3C S9500 Series Routing Switches

Command Manual

It includes Feature List and Command

Index, Access Volume, IP Service

Volume, IP Routing Volume, IP Multicast

Volume, MPLS VPN Volume, QoS ACL

Volume, Security Volume, and System

Volume.

Obtaining Documentation

You can access the most up-to-date H3C product documentation on the World Wide

Web at this URL: http://www.h3c.com.

The following are the columns from which you can obtain different categories of product

documentation:

[Products & Solutions]: Provides information about products and technologies.

[Technical Support & Document > Technical Documents]: Provides several categories

of product documentation, such as installation and operation.

[Technical Support & Document > Product Support > Software]: Provides the

documentation released with the software version.

Documentation Feedback

You can e-mail your comments about product documentation to [email protected].

We appreciate your comments.

Operation Manual

H3C S9500 Series Routing Switches IP Services Volume Organization

Manual Version

T2-08165E-20081225-C-1.24

Product Version

S9500-CMW310-R1648

Organization

The IP Services Volume is organized as follows:

Features

(operation

manual)

Description

ARP

Address Resolution Protocol (ARP) is used to resolve an IP

address into a data link layer address. The volume describes:

z ARP configuration

z ARP table size configuration

z ARP attack prevention configuration

z IP packet attack prevention configuration

IP Address

An IP address is a 32-bit address allocated to a network

interface on a device that is attached to the Internet. The

volume describes:

z Introduction to IP addresses

z IP address configuration

z IP address protection configuration

VRRP

The Virtual Router Redundancy Protocol (VRRP) is a

fault-tolerant protocol. The volume describes:

z Introduction to VRRP

z VRRP configuration

DHCP

DHCP is built on a client-server model, in which the client

sends a configuration request and then the server returns a

reply to send configuration parameters such as an IP address

to the client. The volume describes:

z DHCP overview

z DHCP server configuration

z DHCP relay agent configuration

z DHCP snooping configuration

DNS

Used in the TCP/IP application, Domain Name System (DNS)

is a distributed database which provides the translation

between domain name and the IP address. The volume

describes:

z Introduction to DNS

z DNS configuration

Operation Manual

H3C S9500 Series Routing Switches IP Services Volume Organization

Features

(operation

manual)

Description

UDP Helper

UDP Helper (UDPH) functions as a relay agent that converts

UDP broadcast packets into unicast packets and forwards

them to a specified server. The volume describes:

z UDP Helper overview

z UDP Helper configuration

NAT

NAT is the procedure of translating the IP address in the

header of an IP data packet into another IP address. The

volume describes:

z NAT overview

z NAT configuration

IP Performance

In some network environments, you need to adjust the IP

parameters to achieve best network performance. The volume

describes:

z IP performance configuration

URPF

Unicast reverse path forwarding (URPF) serves as a safeguard

against source address spoofing attacks. The volume describes:

z URPF overview

z URPF configuration

Operation Manual – ARP

H3C S9500 Series Routing Switches Table of Contents

i

Table of Contents

Chapter 1 ARP Configuration.......................................................................................................1-1

1.1 Introduction to ARP............................................................................................................1-1

1.2 Configuring ARP................................................................................................................1-3

1.2.1 Enabling/Disabling ARP Entry Checking ................................................................1-3

1.2.2 Adding/Deleting a Static ARP Entry........................................................................1-3

1.2.3 Configuring the Dynamic ARP Aging Timer............................................................1-4

1.2.4 Adding/Deleting Multicast ARP Ports......................................................................1-4

1.2.5 Proxy ARP Configuration........................................................................................1-6

1.2.6 Gratuitous ARP Learning Configuration..................................................................1-7

1.2.7 Configuring ARP Packets Not to Broadcast in VLAN .............................................1-8

1.3 Displaying and Debugging ARP ........................................................................................1-8

Chapter 2 ARP Table Size Configuration.................................................................................... 2-1

2.1 Introduction to ARP Table Size Configuration...................................................................2-1

2.2 Configuring ARP Table Size Dynamically .........................................................................2-2

2.2.1 Configuration Tasks ................................................................................................2-2

2.2.2 Configuring ARP Table Size Dynamically...............................................................2-2

2.3 Displaying ARP Table Size Configuration .........................................................................2-3

2.4 ARP Table Size Configuration Example............................................................................2-3

Chapter 3 ARP Attack Prevention Configuration.......................................................................3-1

3.1 ARP Spoofing Attack Prevention.......................................................................................3-1

3.1.1 Introduction to ARP Spoofing Attack Prevention ....................................................3-1

3.1.2 Configuring ARP Spoofing Attack Prevention.........................................................3-3

3.2 ARP Duplicate Gateway Attack Prevention.......................................................................3-3

3.2.1 Introduction to ARP Duplicate Gateway Attack Prevention ....................................3-3

3.2.2 Configuring ARP Duplicate Gateway Attack Prevention......................................... 3-4

3.3 ARP Packet Attack Prevention..........................................................................................3-4

3.3.1 Introduction to ARP Packet Attack Prevention........................................................3-4

3.3.2 Configuring ARP Packet Attack Prevention............................................................3-5

3.4 ARP Attack Prevention Configuration Example.................................................................3-6

Chapter 4 IP Packet Attack Prevention Configuration ..............................................................4-1

4.1 Introduction to IP Packet Attack Prevention ......................................................................4-1

4.2 Configuring IP Packet Attack Prevention...........................................................................4-1

Operation Manual – ARP

H3C S9500 Series Routing Switches Chapter 1 ARP Configuration

1-1

Chapter 1 ARP Configuration

When configuring ARP, go to these sections for information you are interested in:

z Introduction to ARP

z Configuring ARP

z Displaying and Debugging ARP

1.1 Introduction to ARP

Address resolution protocol (ARP) is used to resolve an IP address into a MAC

address.

I. Why ARP

An IP address cannot be directly used for communication on an Ethernet because

network devices can identify only MAC addresses. An IP address is a network layer

address. To send datagrams through the network layer to the destination host, the MAC

address of the host is required. Therefore, the IP address must be resolved into a MAC

address.

II. ARP address resolution process

Figure 1-1 ARP address resolution process

Suppose that Host A and Host B are on the same subnet and Host A sends a packet to

Host B. The resolution process is as follows:

1) Host A checks its ARP table to see whether there is an ARP entry for Host B. If yes,

Host A uses the MAC address in the entry to encapsulate the IP packet into a data

link layer frame and sends the frame to Host B.

2) If Host A finds no entry for Host B, Host A buffers the packet and broadcasts an

ARP request, in which the sender IP address and sender MAC address are

respectively the IP address and MAC address of Host A and the target IP address

Operation Manual – ARP

H3C S9500 Series Routing Switches Chapter 1 ARP Configuration

1-2

and target MAC address are respectively the IP address of Host B and an all-zero

MAC address. Because the ARP request is broadcast, all hosts on this subnet can

receive the request, but only the requested host (namely, Host B) will process the

request.

3) Host B compares its own IP address with the target IP address in the ARP request.

If they are the same, Host B saves the sender IP address and sender MAC

address into its ARP table, encapsulates its MAC address into an ARP reply, and

unicasts the reply to Host A.

4) After receiving the ARP reply, Host A adds the MAC address of Host B into its ARP

table.

If Host A and Host B are not on the same subnet, Host A first sends an ARP request to

the gateway. The target IP address in the ARP request is the IP address of the gateway.

After obtaining the MAC address of the gateway from an ARP reply, Host A sends the

packet to the gateway. If the gateway maintains the ARP entry of Host B, it forwards the

packet to Host B directly; if not, it broadcasts an ARP request, in which the target IP

address is the IP address of Host B. After obtaining the MAC address of Host B, the

gateway sends the packet to Host B.

III. ARP concepts

ARP entries used in S9500 series routing switches include dynamic ARP entries and

static ARP entries.

z Dynamic ARP entries are automatically created and maintained by the ARP

protocol through ARP packets. They can be discarded after the aging time expires,

and updated by new ARP packets. They can also be overwritten by permanent

static ARP entries and non-permanent static ARP entries. When the aging time

expires, a port is disabled or a VLAN interface is disabled, the corresponding

dynamic ARP entry will be deleted.

z Static ARP entries are configured and maintained manually.

Static entries are further divided into permanent static ARP entries and non-permanent

static ARP entries.

z Permanent ARP entries contain all elements of an ARP entry. They can forward

data directly. They cannot be aged, or overwritten by dynamic ARP entries.

z Non-permanent ARP entries are configured with only IP addresses and MAC

addresses other than VLANs and output interfaces. They are generally used for

users requiring IP-MAC bindings. Its initial state is non-resolution, so it cannot

forward data directly. It can obtain VLANs and egresses dynamically through ARP

packets. A resolved non-permanent static ARP entry can forward data and will not

be aged. When a port or VLAN interface is disabled, the corresponding static ARP

entry will be restored to the non-resolution state.

Operation Manual – ARP

H3C S9500 Series Routing Switches Chapter 1 ARP Configuration

1-3

1.2 Configuring ARP

The ARP table can be maintained dynamically or manually. Usually, the manually

configured mappings are known as static ARP entries. The user can display, add or

delete such entries with commands.

The following sections describe static ARP configuration tasks:

z Enabling/Disabling ARP Entry Checking

z Adding/Deleting a Static ARP Entry

z Configuring the Dynamic ARP Aging Timer

z Adding/Deleting Multicast ARP Ports

z Proxy ARP Configuration

z Gratuitous ARP Learning Configuration

z Configuring ARP Packets Not to Broadcast in VLAN

1.2.1 Enabling/Disabling ARP Entry Checking

Perform the following configuration in system view to enable/disable ARP entry

checking:

To do… Use the command…

Enable the ARP entry checking function so that the

switch will not learn any ARP entry containing a

multicast MAC address

arp check enable

Disable the ARP entry checking function so that the

switch can learn ARP entries containing multicast MAC

addresses

undo arp check enable

By default, the ARP entry checking function is enabled, that is, the switch is disabled

from learning ARP entries for multicast MAC addresses.

1.2.2 Adding/Deleting a Static ARP Entry

Perform the following configuration in system view to add/delete a static ARP mapping

entry.

To do… Use the command…

Add a static ARP entry

arp static ip-address [ mac-address [ vlan-id

{ interface-type interface-number } ] [ vpn-instance

vpn-instance-name ] ]

Delete a static ARP entry undo arp ip-address

By default, the ARP table is empty and ARP entries are obtained through dynamic ARP.

Note that:

Operation Manual – ARP

H3C S9500 Series Routing Switches Chapter 1 ARP Configuration

1-4

z As long as a switch operates, its static ARP entries remain valid unless you

change or remove a VLAN interface, remove a VLAN, or remove a port from a

VLAN. These operations cause the corresponding static ARP mapping entries to

be automatically removed.

z The vlan-id argument must be the ID of an existing VLAN, and the Ethernet port

specified behind this argument must belong to the VLAN.

z The vpn-instance-name argument must be the VPN instance name of an existing

MPLS VPN.

z The port specified in an ARP entry can be a manually aggregated port, instead of a

statically or dynamically aggregated port.

z If the mac-address of an ARP entry is a multicast MAC address, the system will

take this ARP entry as a multicast ARP entry.

z Automatic fill-in of MAC addresses is enabled only after IP address protection is

enabled on the interface.

z After the first automatic fill-in, the corresponding ARP entries become common

static ARP entries and cannot be filled in again.

1.2.3 Configuring the Dynamic ARP Aging Timer

You can configure an age for dynamic ARP entries.

Perform the following configuration in system view to configure the dynamic ARP aging

timer.

To do… Use the command…

Configure the dynamic ARP aging timer arp timer aging aging-time

Restore the default dynamic ARP aging time

undo arp timer aging

By default, the dynamic ARP aging timer is 20 minutes.

1.2.4 Adding/Deleting Multicast ARP Ports

The multicast ARP feature allows you to associate a common unicast route to a Layer 2

multicast group by creating a static multicast ARP entry. In this way, a packet matching

the entry can be forwarded out multiple ports. In brief, a multicast ARP entry is a static

ARP entry with a multicast MAC address and corresponds to multiple ports.

You can use the multi-port keyword in the following command to add a port for a

multicast ARP entry. Only one port can be added every time the command is executed.

If the multicast ARP entry does not exist, a new multicast ARP entry is generated. If the

multicast ARP entry exists and the same port exists, the switch will not add the port.

Follow these steps to add a port for a multicast ARP entry in system view:

Operation Manual – ARP

H3C S9500 Series Routing Switches Chapter 1 ARP Configuration

1-5

To do… Use the command… Remarks

Enter system view

system-view

—

Add a port for the

multicast ARP

entry

arp static ip-address mac-address vlan-id

multi-port interface-type interface-number

[ vpn-instance vpn-instance-name ]

—

To remove the configuration, use the corresponding undo command.

After the configuration, you can use the display arp multi-port command in any view

to check the detailed information about multicast ARP entry configuration.

Caution:

z Up to 64 multicast ARP entries are supported, with each entry having up to 100

outgoing ports. A manual port aggregation group is considered a single port.

z An outgoing port of a multicast ARP entry can be a manually aggregated port or a

common port, but cannot be a statically or dynamically aggregated port.

z As specified in the IEEE 802.3ad standard, if a port is disabled but the dynamic port

aggregation function is enabled, the port is not an aggregated port, but a common

one. Therefore, the port can be configured as a port for a multicast ARP entry. After

the port is enabled, the port becomes a dynamically aggregated port and will be

removed from the multicast ARP entry.

z The IP addresses of multicast ARP entries are unicast IP addresses.

z For the MAC addresses of multicast ARP entries, well-known multicast MAC

addresses are not recommended.

z Multicast static ARP entries overwrite dynamic, non-permanent static and

permanent static ARP entries with the same IP addresses, but not vice versa.

z If a port with a number smaller than those in an aggregation group (for example, the

port is on an interface card with a smaller slot number) is added into the group, the

ports in this aggregation group will be removed from multicast ARP; while other

ports will not be affected.

z For an aggregation of ports on different interface cards, if removing an interface

card with a smaller slot number can cause primary port switchover, doing so will

remove the ports of this aggregation group from multicast ARP; while other ports will

not be affected.

z If an aggregation group is removed, ports in this group are removed from multicast

ARP; while other ports are not affected.

z No matter the state of the primary port in an aggregation is up or down, ports in the

aggregation group will not be removed from multicast ARP.

Operation Manual – ARP

H3C S9500 Series Routing Switches Chapter 1 ARP Configuration

1-6

1.2.5 Proxy ARP Configuration

I. Enable proxy ARP for Sub-VLANs

With the super VLAN function enabled, a device also needs to be enabled with the

proxy ARP function for Layer 3 communications between sub-VLANs. If you enable the

proxy ARP function on a device that is connected to two sub-VLANs, the device

forwards packets between the sub-VLANs at Layer 3. In this way, ports isolated at

Layer 2 can communicate at Layer 3.

Follow these steps to enable proxy ARP in VLAN view:

To do… Use the command… Remarks

Enter system view

system-view

—

Enter VLAN view

vlan vlan-id

Use the vlan-id argument to

specify the ID of a sub-VLAN.

Enable ARP proxy

arp proxy enable

By default, proxy ARP is disabled.

Use the undo form of the command to remove the configuration.

II. Enable proxy ARP in VLAN interface view

With proxy ARP enabled in VLAN interface view, upon receiving an ARP request, a

device sends back an ARP response directly if the following conditions are met:

z The sender IP address of the ARP request is on the same network segment as the

receiving VLAN interface.

z The target IP address of the ARP request is on another network segment.

z The route corresponding to the target IP address of the ARP request exists and

the outgoing interface of the route is not the receiving interface of the ARP

request.

Follow these steps to enable proxy ARP in VLAN interface view:

To do… Use the command… Remarks

Enter system view

system-view

—

Enter VLAN interface view

vlan-interface vlan-id

Use the vlan-id argument

to specify the ID of a

common VLAN.

Enable proxy ARP

arp proxy enable

By default, proxy ARP is

disabled.

Operation Manual – ARP

H3C S9500 Series Routing Switches Chapter 1 ARP Configuration

1-7

III. Enable local proxy ARP

With local proxy ARP enabled, the device directly sends back an ARP response if it

receives an ARP request whose sender and target IP addresses are on the same

network segment as the receiving VLAN interface.

Follow these steps to enable local proxy ARP:

To do… Use the command… Remarks

Enter system view

system-view

—

Enter VLAN interface view

vlan-interface vlan-id

Use the vlan-id argument

to specify the ID of a

common VLAN.

Enable local proxy ARP

arp local-proxy enable

By default, local proxy

ARP is disabled.

1.2.6 Gratuitous ARP Learning Configuration

I. Introduction to Gratuitous ARP Packets

The following are the characteristics of gratuitous ARP packets:

z Both source and destination IP addresses carried in a gratuitous ARP packet are

the local IP address, and the source MAC address carried in it is the local MAC

address.

z If a device finds that the IP address carried in a received gratuitous packet is its IP

address, it returns an ARP response to the sending device.

By sending a gratuitous ARP packet, a network device can:

z Check whether its IP address conflicts with that of any other device;

z Trigger other network devices to update its hardware address stored in their

caches.

With the gratuitous ARP packet learning function enabled, a network device stores the

source IP and MAC addresses of a received gratuitous ARP packet in its ARP table if it

has no such an entry or updates the entry if it has.

Operation Manual – ARP

H3C S9500 Series Routing Switches Chapter 1 ARP Configuration

1-8

II. Gratuitous ARP packet learning configuration

Follow these steps to configure the gratuitous ARP packet learning function:

To do… Use the command… Remarks

Enter system view

system-view

—

Enable the gratuitous

ARP packet learning

function

gratuitous-arp-learning

enable

Required

By default, the gratuitous

ARP packet learning

function is enabled.

1.2.7 Configuring ARP Packets Not to Broadcast in VLAN

In order to disable any two hosts in the same network segment from access to each

other, you can configure the device to forward ARP requests as trap packets to the CPU

rather than broadcast in the VLAN. Thus, the two hosts cannot learn the addresses of

each other through ARP packets.

Follow these steps to limit the flooding of ARP request packets in a VLAN:

To do… Use the command… Remarks

Enter system view

system-view

—

Enter Ethernet port

view

interface interface-type

interface-number

The port specified by the

interface-type argument can

be an Ethernet port only

Limit the flooding of

ARP requests in a

VLAN

arp non-flooding enable

Required

This function is disabled by

default.

1.3 Displaying and Debugging ARP

To do… Use the command… Remarks

Display ARP entry

information

display arp [ ip-address | [ dynamic |

static | vlan vlan-id | interface

interface-type interface-number ] [ |

{ begin | include | exclude } text ] ]

Display the current setting

of the dynamic ARP aging

timer

display arp timer aging

Display multicast ARP entry

configuration information

display arp multi-port [ ip-address ]

Display proxy ARP

information

display arp proxy [ vlan vlan-id]

Available in

any view

Operation Manual – ARP

H3C S9500 Series Routing Switches Chapter 1 ARP Configuration

1-9

To do… Use the command… Remarks

Clear specified ARP entries

reset arp [ dynamic | static |

interface { interface-type

interface-number } | all ]

Enable ARP debugging

debugging arp { error | info | packet |

entry-check }

Disable ARP debugging

undo debugging arp { error | info |

packet | entry-check }

Available in

user view

Operation Manual – ARP

H3C S9500 Series Routing Switches Chapter 2 ARP Table Size Configuration

2-1

Chapter 2 ARP Table Size Configuration

When configuring the ARP table size, go to these sections for information you are

interested in:

z Introduction to ARP Table Size Configuration

z Configuring ARP Table Size Dynamically

z Displaying ARP Table Size Configuration

z ARP Table Size Configuration Example

2.1 Introduction to ARP Table Size Configuration

You can manually configure the maximum number of ARP entries (that is, the size of a

ARP table) on an S9500 routing switch as needed.

Table 2-1 lists the specifications and numbers of ARP entries on cards with different

model suffixes.

Table 2-1 Specifications and numbers of ARP entries on cards with different model

suffixes

Model

suffix

IP address

format and

number of

FIB entries

supported

MPLS

support

Maximum

number of

ARP entries

supported by

the whole

switch if the

card exists in

the system

Maximum

number of

ARP

entries

supported

by the card

Maximum

number of

aggregation

ARP entries

supported

by the card

B IPv4-128K

DA

IPv4-128K/I

Pv6-7K

DB

IPv4-128K/I

Pv6-64K

DC

IPv4-256K/I

Pv6-128K

Not

supported

4K 4K 0K, 1K, 3K

C IPv4-128K

CA IPv4-256K

CB IPv4-512K

Supported 4K, 64K

4K, 5K, 6K,

7K, 8K

0K, 1K, 3K,

7K, 8K

Operation Manual – ARP

H3C S9500 Series Routing Switches Chapter 2 ARP Table Size Configuration

2-2

 Note:

z You can distinguish the model suffix of a card by the silkscreen at the upper right

corner of the front panel. For example, the silkscreen of the LSB1GP12B0 card is

GP12B, and so the suffix of this card is B.

z If the suffix of a card is "C" or "CA", you can configure the maximum ARP entries as

64 K only when only this type of cards exist in the system. Up to 8K of ARP entries

can be configured for a card.

Caution:

z After the configuration of a non-permanent static ARP entry, the system will include

it into the number of non-aggregation ARP entries. If the non-permanent static ARP

entry is resolved from a non-aggregated port, the number of non-aggregation ARP

entries will remain unchanged; if the non-permanent static ARP entry is resolved

from an aggregated port, it will be deducted from the number of non-aggregation

ARP entries and included into the number of aggregation ARP entries.

z As a non-permanent static ARP entry is included into the number of normal ARP

entries like a normal permanent static ARP entry, if a card is configured to support

up to 8K aggregation ARP entries, the card does not support the configuration of

neither kind.

2.2 Configuring ARP Table Size Dynamically

2.2.1 Configuration Tasks

z Configuring the maximum number of ARP entries supported by a card

z Configuring the maximum number of aggregation ARP entries supported by a card

z Configuring the maximum number of ARP entries supported by the switch

2.2.2 Configuring ARP Table Size Dynamically

Follow these steps to configure ARP table size dynamically:

To do… Use the command… Remarks

Enter system view

system-view

—

Configure the maximum

number of ARP entries

supported by a card

arp max-entry slot-num

max-num

The maximum number of

ARP entries supported by

a card is 4K by default.

Page is loading ...

H3C S9500 Series Operating instructions

H3C S9500 Series Operating instructions

Related papers

Other documents