Hide Navigation Pane
Show Navigation Pane
Download
SHA1
Configuring ARP
ARP can be configured on an E Series router with the following tasks:
- Adding a Static Entry in the ARP Cache
- Checking for Spoofed ARP Packets
- Configuring ARP Cache Entry Timeout
- Clearing Dynamic Entries from the ARP Cache
Adding a Static Entry in the ARP Cache
You can add a static (permanent) entry in the ARP cache using the arp command.
You can specify the ipAddress, interfaceType and interfaceSpecifier (as indicated in Interface Types and Specifiers in JunosE Command Reference Guide ), and an optional MAC address.
To add a static entry in the ARP cache:
- Issue the arp command in Global
Configuration mode.host1(config)#arp 192.56.20.1 gig 2/0 0090.1a00.0170
Note: You can issue this command only for Fast Ethernet interfaces, Gigabit Ethernet interfaces, 10-Gigabit Ethernet interfaces, and bridged Ethernet interfaces configured over ATM 1483.
Use the no version to remove an entry from the ARP cache.
Checking for Spoofed ARP Packets
You can configure the router to check for spoofed ARP packets received on an IP interface or an IP subinterface using the arp spoof-check command.
By default, E Series routers check all received ARP packets for spoofing and process only those ARP packets whose source IP address is outside the range of the network mask. ARP packets with a source IP address of 0.0.0.0 and the router IP address as the destination address are dropped because the router identifies them as spoofed packets.
In networks with digital subscriber line access multiplexers (DSLAMs), even if you configure the router to check for spoofed ARP packets, DSLAMs perform this task instead of the router. If you disable checking for spoofed ARP packets on the router in such networks, DSLAMs forward the received packets to the router for processing. You can, therefore, configure the router accordingly, depending on the way in which you want spoof-checking to be performed.
You cannot configure ARP spoof-checking on interfaces that do not support ARP, such as loopback interfaces and ATM point-to-point PVCs.
If you disable checking for spoofed ARP packets, all packets received by the router are processed. You can reenable checking for spoofed ARP packets on an interface at any time by using the arp spoof-check command after disabling it.
|
|
To enable spoof-checking for ARP packets received on an interface:
- Issue the arp spoof-check command
in Interface Configuration mode.host1(config-if)#arp spoof-check
Use the no version to disable checking for spoofed ARP packets received on a major IP interface or an IP subinterface.
Configuring ARP Cache Entry Timeout
You can specify how long an entry remains in the ARP cache using the arp timeout command. The default value is 21,600 seconds (6 hours). You can use the show config command to display the current value. If you specify a timeout of 0 seconds, entries are never cleared from the ARP cache.
|
|
To specify how long an entry remains in the ARP cache:
- Issue the arp timeout command
in Interface Configuration mode.host1(config-if)#arp timeout 8000
Note: You can issue this command only for Fast Ethernet interfaces, Gigabit Ethernet interfaces, 10-Gigabit Ethernet interfaces, and bridged Ethernet interfaces configured over ATM 1483.
Use the no version to restore the default value.
Clearing Dynamic Entries from the ARP Cache
You can clear a particular dynamic entry from the ARP cache using the clear arp command by specifying all of the following options:
- ipAddress—IP address in four-part dotted-decimal format corresponding to the local data link address
- interfaceType—Interface type; see Interface Types and Specifiers in JunosE Command Reference Guide
- interfaceSpecifier—Particular interface; format varies according to interface type; see Interface Types and Specifiers in JunosE Command Reference Guide
You can clear all dynamic entries from the ARP cache using the clear arp command with an asterisk (*).
To clear all dynamic entries:
- Issue the clear arp command
with an asterisk (*) in Privileged Exec
mode.host1#clear arp
