2. Computers & electronics
  3. Software
  4. H3C
  5. S9500 Series

H3C S9500 Series Operating instructions

  • Hello! I am an AI chatbot trained to assist you with the H3C S9500 Series Operating instructions. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
H3C S9500 Series Routing Switches
Operation Manual
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Manual Version: T2-08165E-20081225-C-1.24
Product Version: S9500-CMW310-R1648
Copyright © 2007-2008, Hangzhou H3C Technologies Co., Ltd. and its licensors
All Rights Reserved
No part of this manual may be reproduced or transmitted in any form or by any means
without prior written consent of Hangzhou H3C Technologies Co., Ltd.
Trademarks
H3C, , Aolynk, , H
3
Care,
, TOP G, , IRF, NetPilot,
Neocean, NeoVTL, SecPro, SecPoint, SecEngine, SecPath, Comware, Secware,
Storware, NQA, VVG, V
2
G, V
n
G, PSPT, XGbus, N-Bus, TiGem, InnoVision and
HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd.
All other trademarks that may be mentioned in this manual are the property of their
respective owners.
Notice
The information in this document is subject to change without notice. Every effort has
been made in the preparation of this document to ensure accuracy of the contents, but
all statements, information, and recommendations in this document do not constitute
the warranty of any kind, express or implied.
Technical Support
customer_service@h3c.com
http://www.h3c.com
About This Manual
Organization
H3C S9500 Series Routing Switches Configuration Manual is organized as follows:
Part Contents
00 Product Overview
includes Obtaining the Documentation, Product
Features, and Features.
01 Access Volume
includes Ethernet Port Configuration, POS Port
Configuration, Link Aggregation Configuration, Port
Isolation Configuration, VLAN Configuration, MAC
Address Table Management Configuration, GVRP
Configuration, QinQ Configuration, Ethernet Port
Loopback Detection Configuration, DLDP Configuration,
Ethernet OAM Configuration, Smart Link and Monitor
Link Configuration, MSTP Configuration, BPDU Tunnel
Configuration, HVRP Configuration, RRPP
Configuration and RPR Configuration.
02 IP Services Volume
includes ARP Configuration, IP Address Configuration,
VRRP Configuration, DHCP Configuration, DNS
Configuration, UDP Helper Configuration, NAT
Configuration, IP Performance Configuration and URPF
Configuration.
03 IP Routing Volume
includes IP Routing Protocol Overview, Static Route
Configuration, RIP Configuration, OSPF Configuration,
ISIS Configuration, BGP Configuration, IP Route Policy
Configuration, Route Capacity Configuration and
Recursive Routing Configuration.
04 IP Multicast Volume
includes Multicast Overview, Common Multicast
Configuration, IGMP Snooping Configuration, IGMP
Configuration, PIM Configuration, Multicast VLAN
Configuration, MSDP Configuration and MBGP
Configuration.
05 MPLS VPN Volume
includes MPLS Configuration, MPLS VLL Configuration,
MPLS VPLS Configuration, MPLS L3VPN Configuration,
MPLS OAM Configuration and MPLS Hybrid Insertion
Configuration.
06 QoS ACL Volume includes QoS Configuration and ACL Configuration.
07 Security Volume
includes Protocol Port Security Configuration, 802.1X
Configuration , AAA RADIUS HWTACACS
Configuration ,Password Control Configuration, SSH
Configuration, IDS Linkage Configuration, Portal
Configuration, VBAS Configuration and Traffic
Accounting Configuration.
Part Contents
08 System Volume
includes Command Line Interface Configuration, Login
and User Interface Configuration, FTP and TFTP
Configuration, HA Configuration, NQA Configuration,
NetStream Configuration, NTP Configuration, RMON
Configuration, SNMP Configuration, Packet Statistics
Accounting Configuration, Device Management
Configuration, Configuration File Management
Configuration, File System Management Configuration,
Cluster Management Configuration, System
Maintenance and Debugging Configuration, Information
Center Configuration, PoE Configuration, Clock Module
Configuration, ACSEI Server Configuration and OAP
Module Configuration.
09 Acronyms Offers the acronyms used in this manual.
Conventions
The manual uses the following conventions:
I. Command conventions
Convention Description
Boldface
The keywords of a command line are in Boldface.
italic
Command arguments are in italic.
[ ]
Items (keywords or arguments) in square brackets [ ] are
optional.
{ x | y | ... }
Alternative items are grouped in braces and separated by
vertical bars. One is selected.
[ x | y | ... ]
Optional alternative items are grouped in square brackets
and separated by vertical bars. One or none is selected.
{ x | y | ... } *
Alternative items are grouped in braces and separated by
vertical bars. A minimum of one or a maximum of all can be
selected.
[ x | y | ... ] *
Optional alternative items are grouped in square brackets
and separated by vertical bars. Many or none can be
selected.
&<1-n>
The argument(s) before the ampersand (&) sign can be
entered 1 to n times.
# A line starting with the # sign is comments.
II. GUI conventions
Convention Description
< >
Button names are inside angle brackets. For example, click
<OK>.
[ ]
Window names, menu items, data table and field names
are inside square brackets. For example, pop up the [New
User] window.
/
Multi-level menus are separated by forward slashes. For
example, [File/Create/Folder].
III. Symbols
Convention Description
Warning
Means reader be extremely careful. Improper operation
may cause bodily injury.
Caution
Means reader be careful. Improper operation may cause
data loss or damage to equipment.
Note
Means a complementary description.
Related Documentation
In addition to this manual, each H3C S9500 Series Routing Switches documentation
set includes the following:
Manual Description
H3C S9500 Series Routing Switches
Installation Manual
It introduces the installation procedure,
commissioning, maintenance and
monitoring of the S9500 series routing
switches.
H3C S9500 Series Routing Switches
Command Manual
It includes Feature List and Command
Index, Access Volume, IP Service
Volume, IP Routing Volume, IP Multicast
Volume, MPLS VPN Volume, QoS ACL
Volume, Security Volume, and System
Volume.
Obtaining Documentation
You can access the most up-to-date H3C product documentation on the World Wide
Web at this URL: http://www.h3c.com.
The following are the columns from which you can obtain different categories of product
documentation:
[Products & Solutions]: Provides information about products and technologies.
[Technical Support & Document > Technical Documents]: Provides several categories
of product documentation, such as installation and operation.
[Technical Support & Document > Product Support > Software]: Provides the
documentation released with the software version.
Documentation Feedback
You can e-mail your comments about product documentation to [email protected].
We appreciate your comments.
Operation Manual
H3C S9500 Series Routing Switches IP Services Volume Organization
Manual Version
T2-08165E-20081225-C-1.24
Product Version
S9500-CMW310-R1648
Organization
The IP Services Volume is organized as follows:
Features
(operation
manual)
Description
ARP
Address Resolution Protocol (ARP) is used to resolve an IP
address into a data link layer address. The volume describes:
z ARP configuration
z ARP table size configuration
z ARP attack prevention configuration
z IP packet attack prevention configuration
IP Address
An IP address is a 32-bit address allocated to a network
interface on a device that is attached to the Internet. The
volume describes:
z Introduction to IP addresses
z IP address configuration
z IP address protection configuration
VRRP
The Virtual Router Redundancy Protocol (VRRP) is a
fault-tolerant protocol. The volume describes:
z Introduction to VRRP
z VRRP configuration
DHCP
DHCP is built on a client-server model, in which the client
sends a configuration request and then the server returns a
reply to send configuration parameters such as an IP address
to the client. The volume describes:
z DHCP overview
z DHCP server configuration
z DHCP relay agent configuration
z DHCP snooping configuration
DNS
Used in the TCP/IP application, Domain Name System (DNS)
is a distributed database which provides the translation
between domain name and the IP address. The volume
describes:
z Introduction to DNS
z DNS configuration
Operation Manual
H3C S9500 Series Routing Switches IP Services Volume Organization
Features
(operation
manual)
Description
UDP Helper
UDP Helper (UDPH) functions as a relay agent that converts
UDP broadcast packets into unicast packets and forwards
them to a specified server. The volume describes:
z UDP Helper overview
z UDP Helper configuration
NAT
NAT is the procedure of translating the IP address in the
header of an IP data packet into another IP address. The
volume describes:
z NAT overview
z NAT configuration
IP Performance
In some network environments, you need to adjust the IP
parameters to achieve best network performance. The volume
describes:
z IP performance configuration
URPF
Unicast reverse path forwarding (URPF) serves as a safeguard
against source address spoofing attacks. The volume describes:
z URPF overview
z URPF configuration
Operation Manual – ARP
H3C S9500 Series Routing Switches Table of Contents
i
Table of Contents
Chapter 1 ARP Configuration.......................................................................................................1-1
1.1 Introduction to ARP............................................................................................................1-1
1.2 Configuring ARP................................................................................................................1-3
1.2.1 Enabling/Disabling ARP Entry Checking ................................................................1-3
1.2.2 Adding/Deleting a Static ARP Entry........................................................................1-3
1.2.3 Configuring the Dynamic ARP Aging Timer............................................................1-4
1.2.4 Adding/Deleting Multicast ARP Ports......................................................................1-4
1.2.5 Proxy ARP Configuration........................................................................................1-6
1.2.6 Gratuitous ARP Learning Configuration..................................................................1-7
1.2.7 Configuring ARP Packets Not to Broadcast in VLAN .............................................1-8
1.3 Displaying and Debugging ARP ........................................................................................1-8
Chapter 2 ARP Table Size Configuration.................................................................................... 2-1
2.1 Introduction to ARP Table Size Configuration...................................................................2-1
2.2 Configuring ARP Table Size Dynamically .........................................................................2-2
2.2.1 Configuration Tasks ................................................................................................2-2
2.2.2 Configuring ARP Table Size Dynamically...............................................................2-2
2.3 Displaying ARP Table Size Configuration .........................................................................2-3
2.4 ARP Table Size Configuration Example............................................................................2-3
Chapter 3 ARP Attack Prevention Configuration.......................................................................3-1
3.1 ARP Spoofing Attack Prevention.......................................................................................3-1
3.1.1 Introduction to ARP Spoofing Attack Prevention ....................................................3-1
3.1.2 Configuring ARP Spoofing Attack Prevention.........................................................3-3
3.2 ARP Duplicate Gateway Attack Prevention.......................................................................3-3
3.2.1 Introduction to ARP Duplicate Gateway Attack Prevention ....................................3-3
3.2.2 Configuring ARP Duplicate Gateway Attack Prevention......................................... 3-4
3.3 ARP Packet Attack Prevention..........................................................................................3-4
3.3.1 Introduction to ARP Packet Attack Prevention........................................................3-4
3.3.2 Configuring ARP Packet Attack Prevention............................................................3-5
3.4 ARP Attack Prevention Configuration Example.................................................................3-6
Chapter 4 IP Packet Attack Prevention Configuration ..............................................................4-1
4.1 Introduction to IP Packet Attack Prevention ......................................................................4-1
4.2 Configuring IP Packet Attack Prevention...........................................................................4-1
Operation Manual – ARP
H3C S9500 Series Routing Switches Chapter 1 ARP Configuration
1-1
Chapter 1 ARP Configuration
When configuring ARP, go to these sections for information you are interested in:
z Introduction to ARP
z Configuring ARP
z Displaying and Debugging ARP
1.1 Introduction to ARP
Address resolution protocol (ARP) is used to resolve an IP address into a MAC
address.
I. Why ARP
An IP address cannot be directly used for communication on an Ethernet because
network devices can identify only MAC addresses. An IP address is a network layer
address. To send datagrams through the network layer to the destination host, the MAC
address of the host is required. Therefore, the IP address must be resolved into a MAC
address.
II. ARP address resolution process
Figure 1-1 ARP address resolution process
Suppose that Host A and Host B are on the same subnet and Host A sends a packet to
Host B. The resolution process is as follows:
1) Host A checks its ARP table to see whether there is an ARP entry for Host B. If yes,
Host A uses the MAC address in the entry to encapsulate the IP packet into a data
link layer frame and sends the frame to Host B.
2) If Host A finds no entry for Host B, Host A buffers the packet and broadcasts an
ARP request, in which the sender IP address and sender MAC address are
respectively the IP address and MAC address of Host A and the target IP address
Operation Manual – ARP
H3C S9500 Series Routing Switches Chapter 1 ARP Configuration
1-2
and target MAC address are respectively the IP address of Host B and an all-zero
MAC address. Because the ARP request is broadcast, all hosts on this subnet can
receive the request, but only the requested host (namely, Host B) will process the
request.
3) Host B compares its own IP address with the target IP address in the ARP request.
If they are the same, Host B saves the sender IP address and sender MAC
address into its ARP table, encapsulates its MAC address into an ARP reply, and
unicasts the reply to Host A.
4) After receiving the ARP reply, Host A adds the MAC address of Host B into its ARP
table.
If Host A and Host B are not on the same subnet, Host A first sends an ARP request to
the gateway. The target IP address in the ARP request is the IP address of the gateway.
After obtaining the MAC address of the gateway from an ARP reply, Host A sends the
packet to the gateway. If the gateway maintains the ARP entry of Host B, it forwards the
packet to Host B directly; if not, it broadcasts an ARP request, in which the target IP
address is the IP address of Host B. After obtaining the MAC address of Host B, the
gateway sends the packet to Host B.
III. ARP concepts
ARP entries used in S9500 series routing switches include dynamic ARP entries and
static ARP entries.
z Dynamic ARP entries are automatically created and maintained by the ARP
protocol through ARP packets. They can be discarded after the aging time expires,
and updated by new ARP packets. They can also be overwritten by permanent
static ARP entries and non-permanent static ARP entries. When the aging time
expires, a port is disabled or a VLAN interface is disabled, the corresponding
dynamic ARP entry will be deleted.
z Static ARP entries are configured and maintained manually.
Static entries are further divided into permanent static ARP entries and non-permanent
static ARP entries.
z Permanent ARP entries contain all elements of an ARP entry. They can forward
data directly. They cannot be aged, or overwritten by dynamic ARP entries.
z Non-permanent ARP entries are configured with only IP addresses and MAC
addresses other than VLANs and output interfaces. They are generally used for
users requiring IP-MAC bindings. Its initial state is non-resolution, so it cannot
forward data directly. It can obtain VLANs and egresses dynamically through ARP
packets. A resolved non-permanent static ARP entry can forward data and will not
be aged. When a port or VLAN interface is disabled, the corresponding static ARP
entry will be restored to the non-resolution state.
Operation Manual – ARP
H3C S9500 Series Routing Switches Chapter 1 ARP Configuration
1-3
1.2 Configuring ARP
The ARP table can be maintained dynamically or manually. Usually, the manually
configured mappings are known as static ARP entries. The user can display, add or
delete such entries with commands.
The following sections describe static ARP configuration tasks:
z Enabling/Disabling ARP Entry Checking
z Adding/Deleting a Static ARP Entry
z Configuring the Dynamic ARP Aging Timer
z Adding/Deleting Multicast ARP Ports
z Proxy ARP Configuration
z Gratuitous ARP Learning Configuration
z Configuring ARP Packets Not to Broadcast in VLAN
1.2.1 Enabling/Disabling ARP Entry Checking
Perform the following configuration in system view to enable/disable ARP entry
checking:
To do… Use the command…
Enable the ARP entry checking function so that the
switch will not learn any ARP entry containing a
multicast MAC address
arp check enable
Disable the ARP entry checking function so that the
switch can learn ARP entries containing multicast MAC
addresses
undo arp check enable
By default, the ARP entry checking function is enabled, that is, the switch is disabled
from learning ARP entries for multicast MAC addresses.
1.2.2 Adding/Deleting a Static ARP Entry
Perform the following configuration in system view to add/delete a static ARP mapping
entry.
To do… Use the command…
Add a static ARP entry
arp static ip-address [ mac-address [ vlan-id
{ interface-type interface-number } ] [ vpn-instance
vpn-instance-name ] ]
Delete a static ARP entry undo arp ip-address
By default, the ARP table is empty and ARP entries are obtained through dynamic ARP.
Note that:
Operation Manual – ARP
H3C S9500 Series Routing Switches Chapter 1 ARP Configuration
1-4
z As long as a switch operates, its static ARP entries remain valid unless you
change or remove a VLAN interface, remove a VLAN, or remove a port from a
VLAN. These operations cause the corresponding static ARP mapping entries to
be automatically removed.
z The vlan-id argument must be the ID of an existing VLAN, and the Ethernet port
specified behind this argument must belong to the VLAN.
z The vpn-instance-name argument must be the VPN instance name of an existing
MPLS VPN.
z The port specified in an ARP entry can be a manually aggregated port, instead of a
statically or dynamically aggregated port.
z If the mac-address of an ARP entry is a multicast MAC address, the system will
take this ARP entry as a multicast ARP entry.
z Automatic fill-in of MAC addresses is enabled only after IP address protection is
enabled on the interface.
z After the first automatic fill-in, the corresponding ARP entries become common
static ARP entries and cannot be filled in again.
1.2.3 Configuring the Dynamic ARP Aging Timer
You can configure an age for dynamic ARP entries.
Perform the following configuration in system view to configure the dynamic ARP aging
timer.
To do… Use the command…
Configure the dynamic ARP aging timer arp timer aging aging-time
Restore the default dynamic ARP aging time
undo arp timer aging
By default, the dynamic ARP aging timer is 20 minutes.
1.2.4 Adding/Deleting Multicast ARP Ports
The multicast ARP feature allows you to associate a common unicast route to a Layer 2
multicast group by creating a static multicast ARP entry. In this way, a packet matching
the entry can be forwarded out multiple ports. In brief, a multicast ARP entry is a static
ARP entry with a multicast MAC address and corresponds to multiple ports.
You can use the multi-port keyword in the following command to add a port for a
multicast ARP entry. Only one port can be added every time the command is executed.
If the multicast ARP entry does not exist, a new multicast ARP entry is generated. If the
multicast ARP entry exists and the same port exists, the switch will not add the port.
Follow these steps to add a port for a multicast ARP entry in system view:
Operation Manual – ARP
H3C S9500 Series Routing Switches Chapter 1 ARP Configuration
1-5
To do… Use the command… Remarks
Enter system view
system-view
Add a port for the
multicast ARP
entry
arp static ip-address mac-address vlan-id
multi-port interface-type interface-number
[ vpn-instance vpn-instance-name ]
To remove the configuration, use the corresponding undo command.
After the configuration, you can use the display arp multi-port command in any view
to check the detailed information about multicast ARP entry configuration.
Caution:
z Up to 64 multicast ARP entries are supported, with each entry having up to 100
outgoing ports. A manual port aggregation group is considered a single port.
z An outgoing port of a multicast ARP entry can be a manually aggregated port or a
common port, but cannot be a statically or dynamically aggregated port.
z As specified in the IEEE 802.3ad standard, if a port is disabled but the dynamic port
aggregation function is enabled, the port is not an aggregated port, but a common
one. Therefore, the port can be configured as a port for a multicast ARP entry. After
the port is enabled, the port becomes a dynamically aggregated port and will be
removed from the multicast ARP entry.
z The IP addresses of multicast ARP entries are unicast IP addresses.
z For the MAC addresses of multicast ARP entries, well-known multicast MAC
addresses are not recommended.
z Multicast static ARP entries overwrite dynamic, non-permanent static and
permanent static ARP entries with the same IP addresses, but not vice versa.
z If a port with a number smaller than those in an aggregation group (for example, the
port is on an interface card with a smaller slot number) is added into the group, the
ports in this aggregation group will be removed from multicast ARP; while other
ports will not be affected.
z For an aggregation of ports on different interface cards, if removing an interface
card with a smaller slot number can cause primary port switchover, doing so will
remove the ports of this aggregation group from multicast ARP; while other ports will
not be affected.
z If an aggregation group is removed, ports in this group are removed from multicast
ARP; while other ports are not affected.
z No matter the state of the primary port in an aggregation is up or down, ports in the
aggregation group will not be removed from multicast ARP.
Operation Manual – ARP
H3C S9500 Series Routing Switches Chapter 1 ARP Configuration
1-6
1.2.5 Proxy ARP Configuration
I. Enable proxy ARP for Sub-VLANs
With the super VLAN function enabled, a device also needs to be enabled with the
proxy ARP function for Layer 3 communications between sub-VLANs. If you enable the
proxy ARP function on a device that is connected to two sub-VLANs, the device
forwards packets between the sub-VLANs at Layer 3. In this way, ports isolated at
Layer 2 can communicate at Layer 3.
Follow these steps to enable proxy ARP in VLAN view:
To do… Use the command… Remarks
Enter system view
system-view
Enter VLAN view
vlan vlan-id
Use the vlan-id argument to
specify the ID of a sub-VLAN.
Enable ARP proxy
arp proxy enable
By default, proxy ARP is disabled.
Use the undo form of the command to remove the configuration.
II. Enable proxy ARP in VLAN interface view
With proxy ARP enabled in VLAN interface view, upon receiving an ARP request, a
device sends back an ARP response directly if the following conditions are met:
z The sender IP address of the ARP request is on the same network segment as the
receiving VLAN interface.
z The target IP address of the ARP request is on another network segment.
z The route corresponding to the target IP address of the ARP request exists and
the outgoing interface of the route is not the receiving interface of the ARP
request.
Follow these steps to enable proxy ARP in VLAN interface view:
To do… Use the command… Remarks
Enter system view
system-view
Enter VLAN interface view
vlan-interface vlan-id
Use the vlan-id argument
to specify the ID of a
common VLAN.
Enable proxy ARP
arp proxy enable
By default, proxy ARP is
disabled.
Operation Manual – ARP
H3C S9500 Series Routing Switches Chapter 1 ARP Configuration
1-7
III. Enable local proxy ARP
With local proxy ARP enabled, the device directly sends back an ARP response if it
receives an ARP request whose sender and target IP addresses are on the same
network segment as the receiving VLAN interface.
Follow these steps to enable local proxy ARP:
To do… Use the command… Remarks
Enter system view
system-view
Enter VLAN interface view
vlan-interface vlan-id
Use the vlan-id argument
to specify the ID of a
common VLAN.
Enable local proxy ARP
arp local-proxy enable
By default, local proxy
ARP is disabled.
1.2.6 Gratuitous ARP Learning Configuration
I. Introduction to Gratuitous ARP Packets
The following are the characteristics of gratuitous ARP packets:
z Both source and destination IP addresses carried in a gratuitous ARP packet are
the local IP address, and the source MAC address carried in it is the local MAC
address.
z If a device finds that the IP address carried in a received gratuitous packet is its IP
address, it returns an ARP response to the sending device.
By sending a gratuitous ARP packet, a network device can:
z Check whether its IP address conflicts with that of any other device;
z Trigger other network devices to update its hardware address stored in their
caches.
With the gratuitous ARP packet learning function enabled, a network device stores the
source IP and MAC addresses of a received gratuitous ARP packet in its ARP table if it
has no such an entry or updates the entry if it has.
Operation Manual – ARP
H3C S9500 Series Routing Switches Chapter 1 ARP Configuration
1-8
II. Gratuitous ARP packet learning configuration
Follow these steps to configure the gratuitous ARP packet learning function:
To do… Use the command… Remarks
Enter system view
system-view
Enable the gratuitous
ARP packet learning
function
gratuitous-arp-learning
enable
Required
By default, the gratuitous
ARP packet learning
function is enabled.
1.2.7 Configuring ARP Packets Not to Broadcast in VLAN
In order to disable any two hosts in the same network segment from access to each
other, you can configure the device to forward ARP requests as trap packets to the CPU
rather than broadcast in the VLAN. Thus, the two hosts cannot learn the addresses of
each other through ARP packets.
Follow these steps to limit the flooding of ARP request packets in a VLAN:
To do… Use the command… Remarks
Enter system view
system-view
Enter Ethernet port
view
interface interface-type
interface-number
The port specified by the
interface-type argument can
be an Ethernet port only
Limit the flooding of
ARP requests in a
VLAN
arp non-flooding enable
Required
This function is disabled by
default.
1.3 Displaying and Debugging ARP
To do… Use the command… Remarks
Display ARP entry
information
display arp [ ip-address | [ dynamic |
static | vlan vlan-id | interface
interface-type interface-number ] [ |
{ begin | include | exclude } text ] ]
Display the current setting
of the dynamic ARP aging
timer
display arp timer aging
Display multicast ARP entry
configuration information
display arp multi-port [ ip-address ]
Display proxy ARP
information
display arp proxy [ vlan vlan-id]
Available in
any view
Operation Manual – ARP
H3C S9500 Series Routing Switches Chapter 1 ARP Configuration
1-9
To do… Use the command… Remarks
Clear specified ARP entries
reset arp [ dynamic | static |
interface { interface-type
interface-number } | all ]
Enable ARP debugging
debugging arp { error | info | packet |
entry-check }
Disable ARP debugging
undo debugging arp { error | info |
packet | entry-check }
Available in
user view
Operation Manual – ARP
H3C S9500 Series Routing Switches Chapter 2 ARP Table Size Configuration
2-1
Chapter 2 ARP Table Size Configuration
When configuring the ARP table size, go to these sections for information you are
interested in:
z Introduction to ARP Table Size Configuration
z Configuring ARP Table Size Dynamically
z Displaying ARP Table Size Configuration
z ARP Table Size Configuration Example
2.1 Introduction to ARP Table Size Configuration
You can manually configure the maximum number of ARP entries (that is, the size of a
ARP table) on an S9500 routing switch as needed.
Table 2-1 lists the specifications and numbers of ARP entries on cards with different
model suffixes.
Table 2-1 Specifications and numbers of ARP entries on cards with different model
suffixes
Model
suffix
IP address
format and
number of
FIB entries
supported
MPLS
support
Maximum
number of
ARP entries
supported by
the whole
switch if the
card exists in
the system
Maximum
number of
ARP
entries
supported
by the card
Maximum
number of
aggregation
ARP entries
supported
by the card
B IPv4-128K
DA
IPv4-128K/I
Pv6-7K
DB
IPv4-128K/I
Pv6-64K
DC
IPv4-256K/I
Pv6-128K
Not
supported
4K 4K 0K, 1K, 3K
C IPv4-128K
CA IPv4-256K
CB IPv4-512K
Supported 4K, 64K
4K, 5K, 6K,
7K, 8K
0K, 1K, 3K,
7K, 8K
Operation Manual – ARP
H3C S9500 Series Routing Switches Chapter 2 ARP Table Size Configuration
2-2
Note:
z You can distinguish the model suffix of a card by the silkscreen at the upper right
corner of the front panel. For example, the silkscreen of the LSB1GP12B0 card is
GP12B, and so the suffix of this card is B.
z If the suffix of a card is "C" or "CA", you can configure the maximum ARP entries as
64 K only when only this type of cards exist in the system. Up to 8K of ARP entries
can be configured for a card.
Caution:
z After the configuration of a non-permanent static ARP entry, the system will include
it into the number of non-aggregation ARP entries. If the non-permanent static ARP
entry is resolved from a non-aggregated port, the number of non-aggregation ARP
entries will remain unchanged; if the non-permanent static ARP entry is resolved
from an aggregated port, it will be deducted from the number of non-aggregation
ARP entries and included into the number of aggregation ARP entries.
z As a non-permanent static ARP entry is included into the number of normal ARP
entries like a normal permanent static ARP entry, if a card is configured to support
up to 8K aggregation ARP entries, the card does not support the configuration of
neither kind.
2.2 Configuring ARP Table Size Dynamically
2.2.1 Configuration Tasks
z Configuring the maximum number of ARP entries supported by a card
z Configuring the maximum number of aggregation ARP entries supported by a card
z Configuring the maximum number of ARP entries supported by the switch
2.2.2 Configuring ARP Table Size Dynamically
Follow these steps to configure ARP table size dynamically:
To do… Use the command… Remarks
Enter system view
system-view
Configure the maximum
number of ARP entries
supported by a card
arp max-entry slot-num
max-num
The maximum number of
ARP entries supported by
a card is 4K by default.
/