clear arp-cache
The commands clears ARP table.
Syntax
clear arp-cache [ <OPTIONS> ]
Parameters
<OPTIONS> – command parameters for detailed information, optional parameter:
- <VRF> – VRF instance name, set by the string of up to 31 characters. An optional parameter that, if specified, will clear the ARP table in the specified VRF;
- <IF> – an interface's name, specified in the form described in Section Types and naming order of router interfaces;
- <TUN> – the name of the tunnel is specified as described in section Types and naming order of router tunnels;
- <ADDR> – default gateway IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255];
- <ADDR> – MAC address to be searched, defined as XX:XX:XX:XX:XX:XX where each part takes the values of [00..FF].
Required privilege level
10
Command mode
ROOT
Example
esr# clear arp-cache ip-address 10.0.0.8
clear ipv6 neighbors
The command clears the IPv6 Neighbor Discovery tables contents.
Syntax
clear ipv6 neighbors [<OPTIONS> ]
Parameters
<OPTIONS> – command parameters for detailed information, optional parameter:
- <VRF> – VRF instance name, set by the string of up to 31 characters. When specifying this parameter, IPv6 Neighbor Discovery table will be cleared in a specified VRF;
- <IF> – an interface's name, specified in the form described in Section Types and naming order of router interfaces;
- <IPV6-ADDR> – IPv6 address to be searched, defined as X:X:X:X::X where each part takes values in hexadecimal format [0..FFFF];
- <ADDR> – MAC address to be searched, defined as XX:XX:XX:XX:XX:XX where each part takes the values of [00..FF].
Required privilege level
10
Command mode
ROOT
Example
esr# clear ipv6 neighbors
clear mac address-table
The command is used to delete information about learned MAC addresses.
Syntax
clear mac address-table [ <IF> | vlan <VLAN-ID>] host-port <U/S/P>]
Parameters
<IF> – an interface's name, specified in the form described in Section Types and naming order of router interfaces.
<VLAN ID> – VLAN number. It is possible to specify a vlan list using the ',' symbol without spaces, a vlan range using the '-' symbol and/or a combination of lists and ranges.
host-port – deleting information about learned MAC addresses on the interface of a packet processor.
<U/S/P> – Unit (1), slot (0) and interface number of the packet processor.
Required privilege level
10
Command mode
ROOT
Example
esr# clear mac address-table
ip arp
This command adds a static entry to the ARP table.
The use of a negative form (no) of the command removes the static entry from the ARP table.
Syntax
ip arp [ vrf <VRF> ] <IP> <MAC> {<IF> | <TUN>}
no ip arp [ vrf <VRF> ] <IP>
Parameters
<VRF> – VRF name, set by the string of up to 31 characters.
<IP> – host IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255].
<MAC> – MAC address of the client, which will be given the IP address, defined as XX: XX: XX: XX: XX: XX where each part takes the values of [00..FF];
<IF> – an interface's name, specified in the form described in Section Types and naming order of router interfaces;
<TUN> – the name of the tunnel is specified as described in section Types and naming order of router tunnels.
Required privilege level
10
Command mode
CONFIG
Example
esr(config-if-gi)# ip arp 192.168.54.22 a8:f9:4b:ab:2e:d0 bridge 3
ip arp reachable-time
The command sets lifetime of the record in the ARP table.
The use of a negative form (no) of the command sets the default value of arp reachable-time parameter.
Syntax
ip arp reachable-time <TIME>
no ip arp reachable-time
Parameters
<TIME> – lifetime of dynamic MAC addresses, in milliseconds. Allowed values are from 5000 to 100000000 milliseconds. Real time of the entry update varies from [0,5;1,5]*<TIME>.
Required privilege level
10
Default value
160000
Command mode
CONFIG
CONFIG-GI
CONFIG-TE
CONFIG-SUBIF
CONFIG-QINQ-IF
CONFIG-PORT-CHANNEL
CONFIG-LOOPBACK
CONFIG-BRIDGE
Example
esr(config-if-gi)# ip arp reachable-time 6000
ipv6 nd
This command adds a static entry to the ND table.
The use of a negative form (no) of the command removes the entry from the ND table.
Syntax
ipv6 nd [ vrf <VRF> ] <IPV6> <MAC> {<IF> | <TUN>}
no ipv6 nd [ vrf <VRF> ] <IP>
Parameters
<VRF> – VRF name, set by the string of up to 31 characters.
<IPV6-ADDR> – IPv6 address, defined as X:X:X:X::X where each part takes values in hexadecimal format [0..FFFF].
<MAC> – MAC address of the client, which will be given the IP address, defined as XX: XX: XX: XX: XX: XX where each part takes the values of [00..FF];
<IF> – an interface's name, specified in the form described in Section Types and naming order of router interfaces;
<TUN> – the name of the tunnel is specified as described in section Types and naming order of router tunnels.
Required privilege level
10
Command mode
CONFIG
Example
esr(config-if-gi)# ip arp 192.168.54.22 a8:f9:4b:ab:2e:d0 bridge 3
ipv6 nd reachable-time
This command sets the time during which the remote IPv6 host is considered available when there is no host activity.
The use of a negative form (no) of the command sets the default value of nd reachable-time parameter.
Syntax
ipv6 nd reachable-time <TIME>
no ipv6 nd arp reachable-time
Parameters
<TIME> is the lifetime of an IPv6 remote node entry in the ND protocol table, in milliseconds. Allowed values are from 5000 to 100000000 milliseconds. Real time of the entry update varies from [0,5;1,5]*<TIME>.
Default value
30000
Required privilege level
10
Command mode
CONFIG
CONFIG-GI
CONFIG-TE
CONFIG-SUBIF
CONFIG-QINQ-IF
CONFIG-LOOPBACK
CONFIG-PORT-CHANNEL
CONFIG-BRIDGE
Example
esr(config-if-gi)# ipv6 nd reachable-time 27000
mac address-table aging time
The command sets the lifetime of dynamic MAC addresses in forwarding table.
The use of a negative form (no) of the command sets the default 'aging time'.
Syntax
mac address-table aging-time <AGING TIME>
[no] mac address-table aging time
Parameters
<AGING TIME> – lifetime of dynamic MAC addresses, in seconds. Allowed values:
- ESR-1000/1200/1500/1510/1700 – from 10 to 630 seconds. If set to 0, the timer is off.
- ESR-10/12V/12VF/14VF/20/21/100/200 – from 20 to 630 seconds.
Default value
300
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# mac address-table aging-time 30
mac address-table save-secure-freq
In the current firmware version this functionality is supported by ESR-1000/1200/1500/1510/1700 routers only
The command sets the frequency of saving secure MAC addresses list.
The use of a negative form (no) of the command sets the default 'mac address-table save-secure-freq' value.
Syntax
mac address-table save-secure-freq <SAVE-SECURE-FREQ>
[no] mac address-table save-secure-freq
Parameters
<SAVE-SECURE-FREQ> – frequency of saving secure MAC addresses list, takes the value of [600..86400] seconds.
Default value
1200 seconds
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# mac address-table save-secure-freq 650
port-security max
In the current firmware version, this functionality is supported only by ESR-1000 router
The command sets the maximum number of MAC addresses allowed to be stored on port.
The use of a negative form (no) of the command disables 'port-security'.
Syntax
port-security max <MAX>
no port-security max
Parameters
<MAX> – maximum amount of MAC addresses to be stored by port, takes the values of [1..1024].
Required privilege level
15
Command mode
CONFIG-GI
CONFIG-TE
Example
esr(config-if-gi)# port-security max 1
port-security mode
In the current firmware version, this functionality is supported only by ESR-1000 router
The command configures 'port-security' mode.
The use of a negative form (no) of the command disables the security mode.
Syntax
port-security mode [<OPTIONS>]
no port-security mode
Parameters
<OPTIONS> – parameters of command to select 'port-security' mode:
limited – when enabling the mode:
- all learned MAC addresses are removed from a port;
- amount of addresses that port can store is limited by the current configuration;
- MAC addresses are not saved between hard resets;
- MAC addresses storage time depends on the lifetime of dynamic MAC addresses in forwarding table.
lock – when enabling the mode:
- all learned MAC addresses are saved on a port;
- port does not store new addresses;
- MAC addresses are saved between hard resets;
- MAC addresses storage time depends on the lifetime of dynamic MAC addresses in forwarding table.
secure-delete-on-reset – when enabling the mode:
- all learned MAC addresses are removed from a port;
- amount of addresses that port can store is limited by the current configuration;
- MAC addresses are not saved between hard resets;
- MAC addresses storage time does not depend on the lifetime of dynamic MAC addresses in forwarding table.
secure-permanent – when enabling the mode:
- all learned MAC addresses are removed from a port;
- amount of addresses that port can store is limited by the current configuration;
- MAC addresses are saved between hard resets;
- MAC addresses storage time does not depend on the lifetime of dynamic MAC addresses in forwarding table.
Required privilege level
15
Command mode
CONFIG-GI
CONFIG-TE
Example
esr(config-if-gi)# port-security mode secure-delete-on-reset esr(config-if-gi)# port-security mode secure-permanent
port-security unknown-sa-action
In the current firmware version, this functionality is supported only by ESR-1000 router
The command prohibits the transmission of packets with unknown MAC addresses.
The use of a negative form (no) of the command enables the transmission of packets with unknown MAC addresses.
Syntax
port-security unknown-sa-action discard
no port-security unknown-sa-action
Required privilege level
15
Command mode
CONFIG-GI
CONFIG-TE
Example
esr(config-if-gi)# port-security unknown-sa-action discard
show arp
This command displays ARP table.
Syntax
show arp [<OPTIONS>]
Parameters
<options> – command parameters for detailed information, optional parameter:
- <VRF> – VRF instance name, set by the string of up to 31 characters. When specifying this parameter, ARP table will be displayed in a specified VRF;
- <IF> – name of an interface or a list of interfaces is specified in the form described in Section Types and naming order of router interfaces. Only information on specified interfaces is displayed;
- <TUN> – names of tunnels are specified as described in section Types and naming order of router tunnels.
- mac-address <MAC> – MAC address to be searched, defined as XX:XX:XX:XX:XX:XX where each part takes the values of [00..FF];
- ip-address <ADDR> – IP address to be searched, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255].
Required privilege level
1
Command mode
ROOT
Example
esr# show arp Interface IP address MAC address State Age(min) --------------- --------------- ----------------- --------------- ---------- bridge 1 192.168.1.1 a8:f9:4b:aa:00:40 -- -- gi1/0/5 10.255.100.1 d8:50:e6:d2:f0:46 reachable 2 gi1/0/5 10.255.100.5 a8:f9:4b:aa:00:45 -- --
show arp configuration
The command displays the values of ARP table entries lifetime.
Syntax
show arp configuration <IF>
Parameters
<IF> – system interface names, specified in the form described in Section Types and naming order of router interfaces;
Required privilege level
1
Command mode
ROOT
Example
esr# sh arp configuration gigabitethernet 1/0/1-5 Globally configured ARP reachable time is 6000 msec Interface ARP reachable time, msec --------------- ------------------------- gi1/0/1 6000 gi1/0/2 6000 gi1/0/3 6000 gi1/0/4 6000 gi1/0/4 6000
show ipv6 neighbors
The command displays IPv6 Neighbor Discovery tables.
Syntax
show ipv6 neighbors [<OPTIONS>]
Parameters
<OPTIONS> – command parameters for detailed information, optional parameter:
- <VRF> – VRF instance name, set by the string of up to 31 characters. When specifying this parameter, IPv6 Neighbor Discovery table will be displayed in a specified VRF;
- <IF> – name of an interface or a list of interfaces is specified in the form described in Section Types and naming order of router interfaces. Only information on specified interfaces is displayed;
- mac-address <MAC> – MAC address to be searched, defined as XX:XX:XX:XX:XX:XX where each part takes the values of [00..FF];
- ipv6-address <IPV6-ADDR> – IPv6 address to be searched, defined as X:X:X:X::X where each part takes values in hexadecimal format [0..FFFF].
Required privilege level
1
Command mode
ROOT
Example
esr# show ipv6 neighbors Interface IPv6 address MAC address State Age(min) --------------- ------------------------- ----------------- --------------- ---------- gi1/0/5 fc00::1 d8:50:e6:d2:f0:46 reachable 1 gi1/0/5 fc00::2 a8:f9:4b:aa:00:45 -- -- bridge 1 fe80::aaf9:4bff:feaa:40 a8:f9:4b:aa:00:40 -- -- bridge 2 fe80::aaf9:4bff:feaa:40 a8:f9:4b:aa:00:40 -- -- gi1/0/5 fe80::aaf9:4bff:feaa:45 a8:f9:4b:aa:00:45 -- -- gi1/0/5 ff02::16 33:33:00:00:00:16 norarp -- gi1/0/5 ff02::fb 33:33:00:00:00:fb norarp -- gi1/0/5 ff02::1:ff00:1 33:33:ff:00:00:01 norarp -- gi1/0/5 ff02::1:ff00:2 33:33:ff:00:00:02 norarp --
show ipv6 neighbors configuration
The command displays the lifetime values of a remote node entry in the ND protocol table.
Syntax
show ipv6 neighbors configuration <IF>
Parameters
<IF> – system interface names, specified in the form described in Section Types and naming order of router interfaces.
Required privilege level
1
Command mode
ROOT
Example
esr# sh ipv6 neighbors configuration tengigabitethernet 1/0/1-2 Globally configured NDP reachable time is 30000 msec Interface ND reachable time, msec --------------- ------------------------- te1/0/1 30000 te1/0/2 30000
show mac address-table
The command displays information about learned MAC addresses.
Syntax
show mac address-table [<OPTIONS>]
Parameters
<OPTIONS> – command parameters for detailed information, optional parameter. Possible options for the command parameters:
- count – show the number of entries in MAC table. The list of MAC addresses is not displayed;
- bridge <BRIDGE-ID> – view the information in the table for all MAC addresses learned on the bridge;
- interface <IF> – view the information in the table for all MAC addresses learned on a separate interface;
- vlan <VLAN-ID> – View the information in the table for all MAC addresses learned in one or more vlan;
- mac <ADDR> <MASK> – display information about a specific MAC address or group of MAC addresses by mask;
<IF> – system interface names, specified in the form described in Section Types and naming order of router interfaces;
<VLAN ID> – VLAN number. It is possible to specify a vlan list using the ',' symbol without spaces, a vlan range using the '-' symbol and/or a combination of lists and ranges.
mac-address <MAC> – MAC address to be searched, defined as XX:XX:XX:XX:XX:XX where each part takes the values of [00..FF];
<MAC-MASK> – MAC address mask, defined as XX:XX:XX:XX:XX:XX where each part takes the values of [00..FF]. Mask bits, set to zero, specify MAC address bits excluded from the comparison when searching. Mask default value: FF:FF:FF:FF:FF:FF;
- host-port <U/S/P> – deleting information about learned MAC addresses on the interface of a packet processor. Unit (1), slot (0) and interface number of the packet processor.
Required privilege level
10
Command mode
ROOT
Example
esr# show mac address-table VID MAC Address Interface Type ----- ------------------ ------------------------------ ------- 102 a8:f9:4b:aa:44:bb host-port 1/0/2 Dynamic 101 a8:f9:4b:aa:44:bb host-port 1/0/2 Dynamic 100 a8:f9:4b:aa:44:bb host-port 1/0/2 Dynamic 3 valid mac entries