< Home

mac-forced-forwarding arp-trigger

Function

The mac-forced-forwarding arp-trigger command enables an EAN to add or update an MFF entry when receiving an ARP packet from a user.

The mac-forced-forwarding arp-trigger command disables an EAN from adding or updating an MFF entry when receiving an ARP packet from a user.

By default, the EAN does not add or update an MFF entry when receiving an ARP packet from a user.

Format

mac-forced-forwarding arp-trigger

undo mac-forced-forwarding arp-trigger

Parameters

N/A

Views

VLAN view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In a data center, users and virtual machine (VM) servers are isolated at Layer 2 on EAN devices using MFF. If a VM connects to another EAN and does not send DHCP request packets after migrating between servers, the backup binding table may exist on the new EAN device and the original EAN may still reserve the MFF entry. This cannot ensure security of Layer 2 isolation and Layer 3 communication between users and servers. Run the mac-forced-forwarding arp-trigger command on the new EAN to enable it to check binding entries when receiving an ARP packet from the user. If an entry matches the user, the EAN updates the MFF entry. If no entry matches the user, the EAN adds a new entry. The EAN broadcasts the ARP packet to all network interfaces when receiving the first ARP packet regardless of whether the user entry exists.

Prerequisite

MFF has been enabled in the system view and VLAN view using the mac-forced-forwarding enable command.

Example

# Enable the EAN to add or update the MFF entries when receiving an ARP packet from a user in VLAN 100.

<HUAWEI> system-view
[HUAWEI] vlan 100
[HUAWEI-vlan100] mac-forced-forwarding enable
[HUAWEI-vlan100] mac-forced-forwarding arp-trigger
Parent Topic: MFF Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >