arp static vni
Function
The arp static vni command configures a static ARP entry for a VXLAN tunnel.
The undo arp static vni command deletes a static ARP entry of a VXLAN tunnel.
By default, no static ARP entry is configured for a VXLAN tunnel.
Format
arp static ip-address mac-address vni vni-id { source-ip ip-address1 peer-ip ip-address2 } | { source-ipv6 ipv6-address1 peer-ipv6 ipv6-address2 }
undo arp static ip-address mac-address vni vni-id { source-ip ip-address1 peer-ip ip-address2 } | { source-ipv6 ipv6-address1 peer-ipv6 ipv6-address2 }
Only the S6730-S, S6730S-S, S5732-H, S5731-S, S5731S-S, S5731S-H, S5730-HI, S6730-H, S6730S-H, S5731-H, and S6720-HI support the source-ipv6 and peer-ipv6 parameters.
Parameters
| Parameter | Description | Value |
|---|---|---|
ip-address |
Specifies a destination IP address. |
The value is in dotted decimal notation. |
mac-address |
Specifies the destination MAC address mapping the destination IP address. |
The value is in H-H-H format. An H is a hexadecimal number of 1 to 4 digits. |
vni-id |
Specifies the VNI ID. |
The value is an integer that ranges from 1 to 16777215. |
source-ip ip-address1 |
Specifies the IP address of the source VTEP. |
The value is in dotted decimal notation. |
peer-ip ip-address2 |
Specifies the IP address of the destination VTEP. |
The value is in dotted decimal notation. |
source-ipv6 ipv6-address1 |
Specifies the IPv6 address of the source VTEP. |
The value consists of 128 bits, which are classified into 8 groups. Each group contains 4 hexadecimal numbers in the format of X:X:X:X:X:X:X:X. |
peer-ipv6 ipv6-address2 |
Specifies the IPv6 address of the destination VTEP. |
The value consists of 128 bits, which are classified into 8 groups. Each group contains 4 hexadecimal numbers in the format of X:X:X:X:X:X:X:X. |
Usage Guidelines
Usage Scenario
Static ARP entries are manually configured and maintained. They will not be aged out or overridden by dynamic ARP entries. Running the arp static vni command on a device to configure static ARP entries for a VXLAN tunnel increases communication security. Static ARP entries enable the local device and a specified device to communicate with each other using only specified MAC addresses. Attackers cannot modify mappings between IP addresses and MAC addresses in static ARP entries.
Prerequisites
A VXLAN tunnel and a Layer 3 gateway have been configured.
Precautions
If a static ARP entry already exists, the new configuration cannot be delivered.
The specified IP address must be in the same network segment as the outbound interface address in the ARP entry.
- When the VXLAN tunnel is created dynamically, the device does not support to configure a static ARP entry on a VXLAN tunnel-side interface.
Example
# Configure a static ARP entry for a VXLAN tunnel that maps the IP address 10.0.0.2 to the MAC address aaaa-fccc-1212.
<HUAWEI> system-view [HUAWEI] bridge-domain 10 [HUAWEI-bd10] vxlan vni 5000 [HUAWEI-bd10] quit [HUAWEI] interface vbdif 10 [HUAWEI-Vbdif10] ip address 10.0.0.10 255.255.255.0 [HUAWEI-Vbdif10] quit [HUAWEI] interface nve 1 [HUAWEI-Nve1] source 10.1.1.1 [HUAWEI-Nve1] vni 5000 head-end peer-list 10.2.2.2 [HUAWEI-Nve1] quit [HUAWEI] arp static 10.0.0.2 aaaa-fccc-1212 vni 5000 source-ip 10.1.1.1 peer-ip 10.2.2.2