arp scan

Function

The arp scan command configures ARP automatic scanning. This function enables the device to learn ARP entries by sending ARP Request packets to the network segment of the interface IP address.

Format

arp scan [ start-ip-address to end-ip-address ]

Parameters

Parameter	Description	Value
start-ip-address	Specifies the start IP address for ARP automatic scanning. The start IP address must be smaller than or equal to the end IP address.	The value is in dotted decimal notation.
end-ip-address	Specifies the end IP address for ARP automatic scanning. The end IP address must be greater than or equal to the end IP address.	The value is in dotted decimal notation.

Parameter

Description

Value

start-ip-address

Specifies the start IP address for ARP automatic scanning.

The start IP address must be smaller than or equal to the end IP address.

The value is in dotted decimal notation.

end-ip-address

Specifies the end IP address for ARP automatic scanning.

The end IP address must be greater than or equal to the end IP address.

The value is in dotted decimal notation.

Views

VLANIF interface view, GE interface view, GE sub-interface view, MultiGE interface view, MultiGE sub-interface view, 40GE interface view, 40GE sub-interface view, XGE interface view, 25GE interface view, XGE sub-interface view, 25GE sub-interface view, 100GE interface view, 100GE sub-interface view, Eth-Trunk interface view, or Eth-Trunk sub-interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the arp scan command to configure ARP automatic scanning so that the device can quickly learn ARP entries of the neighbors in the same network segment.

ARP automatic scanning is used together with fixed ARP. Run the arp scan command to enable the device to obtain dynamic ARP entries from all devices in the network. Then run the arp fixup command to configure the device to convert the obtained dynamic ARP entries to static ARP entries to prevent network attacks.

Prerequisites

On an Ethernet interface working in Layer 2 mode, the undo portswitch command has been run to switch the interface to Layer 3 mode.

Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support switching between Layer 2 and Layer 3 modes.

Precautions

The start and end IP addresses for ARP automatic scanning must be in the same network segment with the IP address of the interface, and the start IP address must be smaller than or equal to the end IP address.
If the IP address range is not specified, the device scans only the neighbors within the same network segment as the primary IP address of the interface.
The device does not scan the IP addresses in ARP entries.
ARP automatic scanning consumes a large number of system resources. You are advised to perform scanning when the resource usage is low and avoid other operations during scanning.
A VLAN must be configured on a sub-interface, and only one VLAN can be configured.
Automatic ARP scanning takes a long time if there is a large number of neighbors within the same network segment as the primary IP address of the interface. You can press Ctrl+C to stop scanning. The device generates dynamic ARP entries based on the ARP Reply packets received from neighbors before you stop the scanning. You can run the display arp dynamic command in any view to check all the dynamic ARP entries that the device has learned.

Example

# Enable ARP automatic scanning.

<HUAWEI> system-view
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] arp scan
Warning: This operation may take a long time, press CTRL+C to break. Continue?[Y/N]:y