The arp static bridge-domain command configures a static ARP entry on an interface of a VXLAN network.
The undo arp static bridge-domain command deletes a static ARP entry configured on an interface of a VXLAN network.
By default, no static ARP entry is configured on an interface of a VXLAN network.
arp static ip-address mac-address bridge-domain bd-id [ vid vlan-id1 [ cevid vlan-id2 ] ] interface interface-type interface-number.subnum
undo arp static ip-address mac-address bridge-domain bd-id [ vid vlan-id1 [ cevid vlan-id2 ] ] interface interface-type interface-number.subnum
arp static ip-address mac-address bridge-domain bd-id [ vid vlan-id3 ] interface interface-type interface-number
undo arp static ip-address mac-address bridge-domain bd-id [ vid vlan-id3 ] interface interface-type interface-number
| Parameter | Description | Value |
|---|---|---|
| ip-address | Specifies a destination IP address. |
The value is in dotted decimal notation. |
| mac-address | Specifies the destination MAC address mapping the destination IP address. |
The value is in H-H-H format. An H is a hexadecimal number of 1 to 4 digits. |
| bd-id | Specifies a BD ID. |
The value is an integer that ranges from 1 to 16777215. |
| vid vlan-id1 | Specifies the outer VLAN ID in the packet received by a sub-interface. |
The value is an integer that ranges from 1 to 4094. |
| cevid vlan-id2 | Specifies the inner VLAN ID in the packet received by a sub-interface. |
The value is an integer that ranges from 1 to 4094. |
| interface interface-type interface-number.subnum | Specifies a sub-interface. |
- |
| vid vlan-id3 | Specifies the VLAN ID in the packet received by a interface. |
The value is an integer that ranges from 1 to 4094. |
| interface interface-type interface-number | Specifies an interface. |
- |
Usage Scenario
Static ARP entries are manually configured and maintained. They will not be aged out or overridden by dynamic ARP entries. Therefore, you can run the arp static bridge-domain command on an interface of a VXLAN network to configure static ARP entries to increase communication security. Static ARP entries enable the local device and a specified device to communicate with each other using only specified MAC addresses. Attackers cannot modify mappings between IP addresses and MAC addresses in static ARP entries.
Prerequisites
The outbound interface has been added to a VLAN and bound to a BD.
Precautions
If a static ARP entry already exists, the new configuration cannot be delivered.
The specified ip-address must be in the same network segment as the outbound interface address in the ARP entry.
To specify the vid vlan-id and cevid vlan-id parameters, set the same encapsulation type as that on the interface first.
When you configure a static ARP entry on an interface of the S6720-EI and S6720S-EI, you must configure a static MAC address entry for the MAC address in the ARP entry. Otherwise, the switch will broadcast traffic from this MAC address.
# On the outbound interface GE0/0/1, configure a static ARP entry with the IP address and MAC address 10.1.1.2 and aaaa-fccc-1212, respectively.
<HUAWEI> system-view [HUAWEI] vlan 10 [HUAWEI-vlan10] quit [HUAWEI] interface GigabitEthernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] port link-type trunk [HUAWEI-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 [HUAWEI-GigabitEthernet0/0/1] quit [HUAWEI] bridge-domain 10 [HUAWEI-bd10] l2 binding vlan 10 [HUAWEI-bd10] quit [HUAWEI] interface vbdif 10 [HUAWEI-Vbdif10] ip address 10.1.1.1 255.255.255.0 [HUAWEI-Vbdif10] quit [HUAWEI] arp static 10.1.1.2 aaaa-fccc-1212 bridge-domain 10 vid 10 interface GigabitEthernet 0/0/1