Configuring Arp Snooping; Overview; Configuration Procedure; Displaying And Maintaining Arp Snooping - HP 6125G Configuration Manual

Configuring ARP snooping

Overview

The ARP snooping feature is used in Layer 2 switching networks. It creates ARP snooping entries using
ARP packets, and the entries can be used by manual-mode MFF to answer ARP requests from a gateway.
For more information about MFF, see Security Configuration Guide.
If ARP snooping is enabled on a VLAN of a device, ARP packets received by the interfaces of the VLAN
are redirected to the CPU. The CPU uses ARP packets to create ARP snooping entries comprising source
IP and MAC addresses, VLAN and receiving port information.
The aging time and valid period of an ARP snooping entry are 25 minutes and 15 minutes, respectively.
If an ARP snooping entry is not updated within 15 minutes, it becomes invalid and cannot be used. After
that, if an ARP packet whose source IP and MAC addresses correspond with the entry is received, the
entry becomes valid, and its age timer restarts. If the age timer of an ARP entry expires, the entry is
removed.
If the ARP snooping device receives an ARP packet that has the same sender IP address as but a different
sender MAC address from a valid ARP snooping entry, it considers that an attack occurs. An ARP
snooping entry conflict occurs in this case. As a result, the ARP snooping entry becomes invalid and is
removed after 25 minutes.

Configuration procedure

To enable ARP snooping for a VLAN:
Step
1. Enter system view.
2. Enter VLAN view.
3. Enable ARP snooping.

Displaying and maintaining ARP snooping

Task
Display ARP snooping entries.
Remove ARP snooping entries.
Command
system-view
vlan vlan-id
arp-snooping enable
Command
display arp-snooping [ ip ip-address | vlan
vlan-id ] [ | { begin | exclude | include }
regular-expression ]
reset arp-snooping [ ip ip-address | vlan
vlan-id ]
18
Remarks
N/A
N/A
Disabled by default
Remarks
Available in any view
Available in user view