Copyright |
© Ericsson AB 2009–2011. All rights reserved. No part of this document may be reproduced in any form without the written permission of the copyright owner. | |||
Disclaimer |
The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document. | |||
Trademark List |
|

1 Overview
This document provides an overview of the Address Resolution Protocol (ARP) features supported by the SmartEdge router and describes the tasks used to configure, monitor, and administer ARP. This document also provides ARP configuration examples.
This document applies to both the Ericsson SmartEdge® and SM family routers. However, the software that applies to the SM family of systems is a subset of the SmartEdge OS; some of the functionality described in this document may not apply to SM family routers.
For information specific to the SM family chassis, including line cards, refer to the SM family chassis documentation.
For specific information about the differences between the SmartEdge and SM family routers, refer to the Technical Product Description SM Family of Systems (part number 5/221 02-CRA 119 1170/1) in the Product Overview folder of this Customer Product Information library.
The SmartEdge router supports RFC 826, An Ethernet Address Resolution Protocol, also called Converting Network Protocol Addresses to 48.bit Ethernet Address for Transmission on Ethernet Hardware. In addition, the SmartEdge router supports the following features:
- A configurable ARP entry age timer
- The option to enable automatic deletion of dynamic ARP entries (as opposed to automatic refresh of the ARP table)
- The static IP ARP entry mapping of a unicast IP address to a multicast medium access control (MAC) address
2 Configuration and Operations Tasks
- Note:
- In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the Command List.
2.1 Enable ARP
To enable ARP, perform the task described in Table 1.
Task |
Root Command |
Notes |
---|---|---|
Enable ARP. |
Enter this command in interface configuration mode. By default, ARP is already enabled. Use the no form of this command to disable ARP. |
2.2 Enable Secured ARP (Optional)
To enable secured ARP, perform the task described in Table 2. You can enable either secured ARP or proxy ARP on an interface.
Task |
Root Command |
Notes |
---|---|---|
Enable secured ARP. |
Enter this command in interface configuration mode. ARP must be enabled before you can enable secured ARP. |
2.3 Enable Proxy ARP (Optional)
To enable proxy ARP, perform the task described in Table 3. You can enable either secured ARP or proxy ARP on an interface.
Task |
Root Command |
Notes |
---|---|---|
Enable proxy ARP. |
Enter this command in interface configuration mode. ARP must be enabled before you can enable proxy ARP. |
2.4 Configure Static Entries in the ARP Table (Optional)
To configure static entries in the ARP table, perform the appropriate task described in Table 4. If you use both commands to specify the same IP address and MAC address, the most recently updated command takes precedence.
Task |
Root Command |
Notes |
---|---|---|
Configure an entry in the ARP table for a subscriber whose host cannot (or is not configured to) respond to ARP requests. |
Enter this command in subscriber configuration mode. | |
Configure an entry in the ARP table. |
Enter this command in context configuration mode. |
2.5 Configure the Automatic Deletion of ARP Entries (Optional)
To configure the automatic deletion of ARP table entries, perform the tasks described in Table 5; enter all commands in interface configuration mode.
Task |
Root Command |
Notes |
---|---|---|
Configure the automatic deletion of ARP entries. |
||
Modify the length of time entries remain in the ARP table before being automatically deleted. |
Optional. When you enable the ip arp delete-expired command, entries are deleted after 60 minutes by default. |
2.6 Set a Maximum Number of Incomplete ARP Entries (Optional)
When requesting the MAC address that corresponds to a particular IP address for a subscriber circuit, the SmartEdge system creates an incomplete entry in the ARP table and sends an ARP request packet. On reply, the entry is updated and completed. By default, the maximum number of incomplete entries that are allowed in the ARP table is 4,294,967,295.
To set a maximum allowable number of incomplete entries, perform the task described in Table 6.
Task |
Root Command |
Notes |
---|---|---|
Set a maximum allowable number of incomplete ARP entries. |
Enter this command in context configuration mode. |
2.7 Configure an ARP Policy to Prevent DoS Attacks
To configure a subscriber circuit or port to prevent denial of service (DoS) attacks, perform the tasks described in Table 7.
Task |
Root Command |
Notes |
---|---|---|
Enter protocol-rate-limit policy configuration mode |
Enter this command in global configuration mode. | |
Create a rate limit and burst threshold for incoming ARP packets. |
Enter this command in protocol-rate-limit policy configuration mode. | |
To configure a port for prevention of DoS ARP attacks, enter the port configuration mode. |
Enter this command in global configuration mode. | |
Apply the ARP policy to the port. |
Enter this command in port configuration mode. | |
To configure a subscriber circuit or circuits for prevention of DoS ARP attacks, enter the configuration mode for the default subscriber profile, a named subscriber profile, or an individual subscriber record. |
Enter this command in context configuration mode. | |
Apply the ARP policy to subscriber profile or individual subscriber record. |
Enter this command in subscriber configuration mode. | |
To configure a 802.1Q PVC for prevention of DoS ARP, enter dot1q PVC configuration mode. |
Enter the encapsulation command with the dot1q keyword. | |
Apply the ARP policy to the 802.1Q PVC. |
Enter this command in dot1q PVC configuration mode. | |
To configure an access link group or aggregated 802.1Q pseudocircuit in an access link group for prevention of DoS ARP, enter the access link group configuration mode or link PVC configuration mode within the link group. |
link-group(Global, DS-1, E1, Port Configuration modes) |
Enter the link-group command with the access keyword. Enter the encapsulation command with the dot1q keyword. |
Apply the ARP policy to access link group or aggregated 802.1Q pseudocircuit. |
Enter this command in access link-group configuration mode or aggregated link PVC configuration mode. |
2.8 Operations Tasks
- Note:
- In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the Command List.
To monitor, troubleshoot, and administer ARP features, perform the ARP operations tasks described in Table 8. Enter the clear and debug commands in exec mode; enter the show commands in any mode.
Task |
Root Command |
---|---|
Clear all entries from the ARP table. |
|
Clear information for cross-connections between ATM PVCs and 802.1Q PVCs from the ARP table. |
|
Clear traffic statistics from the ARP table. |
|
Enable the generation of ARP debug messages for the current context. |
|
Display ARP information for the controller card. |
|
Display ARP information for both the Berkeley Standard Distribution (BSD) and the controller card for the current context. |
|
Display ARP information for both the BSD and the controller card for all contexts. |
|
Display ARP information for cross-connections between ATM PVCs and 802.1Q PVCs. |
|
Display ARP statistics. |
|
Display summary information about the ARP table. |
|
Display ARP information for the controller card. |
|
Display ARP commands for the current configuration. |
|
Display inverse ARP counters. |
|
Display secured ARP information. |
3 Configuration Examples
The following example enables secured ARP on the interface, intf-1:
[local]Redback(config-ctx)#interface intf-1 [local]Redback(config-if)#ip arp secured-arp
The following example creates a static entry in the ARP table for IP address, 31.22.213.124, and associates the IP address with the MAC address, 43:3:23:32:12:82. After 4 minutes (240 seconds), any ARP entry associated with the intf-2 interface is deleted from the ARP table:
[local]Redback(config-ctx)#ip arp 31.22.213.124 43:32:23:32:12:82 [local]Redback(config-ctx)#interface intf-2 [local]Redback(config-if)#ip arp delete-expired [local]Redback(config-if)#ip arp timeout 240