HP 6125G HP 6125G & 6125G/XG Blade Switches Layer 3 - IP Services Conf - Page 26

Configuring ARP snooping Overview The ARP snooping feature is used in Layer 2 switching networks. It creates ARP snooping entries using ARP packets, and the entries can be used by manual-mode MFF to answer ARP requests from a gateway. For more information about MFF, see Security Configuration Guide. If ARP snooping is enabled on a VLAN of a device, ARP packets received by the interfaces of the VLAN are redirected to the CPU. The CPU uses ARP packets to create ARP snooping entries comprising source IP and MAC addresses, VLAN and receiving port information. The aging time and valid period of an ARP snooping entry are 25 minutes and 15 minutes, respectively. If an ARP snooping entry is not updated within 15 minutes, it becomes invalid and cannot be used. After that, if an ARP packet whose source IP and MAC addresses correspond with the entry is received, the entry becomes valid, and its age timer restarts. If the age timer of an ARP entry expires, the entry is removed. If the ARP snooping device receives an ARP packet that has the same sender IP address as but a different sender MAC address from a valid ARP snooping entry, it considers that an attack occurs. An ARP snooping entry conflict occurs in this case. As a result, the ARP snooping entry becomes invalid and is removed after 25 minutes. Configuration procedure To enable ARP snooping for a VLAN: Step 1. Enter system view. 2. Enter VLAN view. 3. Enable ARP snooping. Command system-view vlan vlan-id arp-snooping enable Remarks N/A N/A Disabled by default Displaying and maintaining ARP snooping Task Display ARP snooping entries. Remove ARP snooping entries. Command Remarks display arp-snooping [ ip ip-address | vlan vlan-id ] [ | { begin | exclude | include } regular-expression ] Available in any view reset arp-snooping [ ip ip-address | vlan vlan-id ] Available in user view 18