Address table operation
clear arp-cache
The commands clears ARP table.
Syntax
clear arp-cache [ <OPTIONS> ]
Parameters
<OPTIONS> – command parameters for detailed information, optional parameter:
- <VRF> – VRF instance name, set by the string of up to 31 characters. An optional parameter that, if specified, will clear the ARP table in the specified VRF;
- <IF> – an interface's name, specified in the form described in Section Types and naming order of router interfaces;
- <ADDR> – default gateway IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255];
- <ADDR> – MAC address to be searched, defined as XX:XX:XX:XX:XX:XX where each part takes the values of [00..FF].
Required privilege level
10
Command mode
ROOT
Example
esr# clear arp-cache ip-address 10.0.0.8clear ipv6 neighbors
The command clears the IPv6 Neighbor Discovery tables contents.
Syntax
clear ipv6 neighbors [<OPTIONS> ]
Parameters
<OPTIONS> – command parameters for detailed information, optional parameter:
- <VRF> – VRF instance name, set by the string of up to 31 characters. When specifying this parameter, IPv6 Neighbor Discovery table will be cleared in a specified VRF;
- <IF> – an interface's name, specified in the form described in Section Types and naming order of router interfaces;
- ipv6-address <IPV6-ADDR> – IPv6 address to be searched, defined as X:X:X:X::X where each part takes values in hexadecimal format [0..FFFF].
- <ADDR> – MAC address to be searched, defined as XX:XX:XX:XX:XX:XX where each part takes the values of [00..FF].
Required privilege level
10
Command mode
ROOT
Example
esr# clear ipv6 neighborsclear mac address-table
The command is used to delete information about learned MAC addresses.
Syntax
clear mac address-table [ { dynamic | static } ] [ { interface { <IF> | host-port <U/S/P> } | bridge <BRIDGE-ID> | tunnel { gre | softgre } <ID> | vlan <VLAN-ID> } Parameters
<IF> – an interface's name, specified in the form described in Section Types and naming order of router interfaces;
<U/S/P> – Unit (1), slot (0) and interface number of the packet processor;
<BRIDGE-ID> – bridge ID number, specified in the form described in Section Types and naming order of router interfaces;
<ID> – tunnel identifier;
<VLAN ID> – VLAN number. It is possible to specify a vlan list using the ',' symbol without spaces, a vlan range using the '-' symbol and/or a combination of lists and ranges.
Required privilege level
10
Command mode
ROOT
Example
esr# clear mac address-tableip arp
This command adds a static entry to the ARP table.
The use of a negative form (no) of the command removes the static entry from the ARP table.
Syntax
ip arp [ vrf <VRF> ] <IP> <MAC> { <IF> | <TUN> }no ip arp [ vrf <VRF> ] <IP>
Parameters
<VRF> – VRF name, set by the string of up to 31 characters.
<IP> – host IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255].
<MAC> – MAC address of the client, which will be given the IP address, defined as XX: XX: XX: XX: XX: XX where each part takes the values of [00..FF];
<IF> – an interface's name, specified in the form described in Section Types and naming order of router interfaces;
<TUN> – the name of the tunnel is specified as described in section Types and naming order of router tunnels;
Required privilege level
10
Command mode
CONFIG
Example
esr(config-if-gi)# ip arp 192.168.54.22 a8:f9:4b:ab:2e:d0 bridge 3ip arp reachable-time
The command sets lifetime of the record in the ARP table.
The use of a negative form (no) of the command sets the default value of arp reachable-time parameter.
Syntax
ip arp reachable-time <TIME>
no ip arp reachable-time
Parameters
<TIME> – lifetime of dynamic MAC addresses, in milliseconds. Allowed values are from 5000 to 100000000 milliseconds. Real time of the entry update varies from [0,5;1,5]*<TIME>.
Required privilege level
10
Default value
160000
Command mode
CONFIG
CONFIG-GI
CONFIG-TE
CONFIG-SUBIF
CONFIG-QINQ-IF
CONFIG-PORT-CHANNEL
CONFIG-LOOPBACK
CONFIG-BRIDGE
Example
esr(config-if-gi)# ip arp reachable-time 6000ipv6 nd
This command adds a static entry to the ND table.
The use of a negative form (no) of the command removes the entry from the ND table.
Syntax
ipv6 nd [ vrf <VRF> ] <IPV6> <MAC> {<IF> | <TUN>}no ipv6 nd [ vrf <VRF> ] <IP>
Parameters
<VRF> – VRF name, set by the string of up to 31 characters.
<IPV6-ADDR> – IPv6 address, defined as X:X:X:X::X where each part takes values in hexadecimal format [0..FFFF].
<MAC> – MAC address of the client, which will be given the IP address, defined as XX: XX: XX: XX: XX: XX where each part takes the values of [00..FF];
<IF> – an interface's name, specified in the form described in Section Types and naming order of router interfaces;
<TUN> – the name of the tunnel is specified as described in section Types and naming order of router tunnels;
Required privilege level
10
Command mode
CONFIG
Example
esr(config-if-gi)# ip arp 192.168.54.22 a8:f9:4b:ab:2e:d0 bridge 3ipv6 nd reachable-time
This command sets the time during which the remote IPv6 host is considered available when there is no host activity.
The use of a negative form (no) of the command sets the default value of nd reachable-time parameter.
Syntax
ipv6 nd reachable-time <TIME>
no ipv6 nd arp reachable-time
Parameters
<TIME> is the lifetime of an IPv6 remote node entry in the ND protocol table, in milliseconds. Allowed values are from 5000 to 100000000 milliseconds. Real time of the entry update varies from [0,5;1,5]*<TIME>.
Default value
30000
Required privilege level
10
Command mode
CONFIG
CONFIG-GI
CONFIG-TE
CONFIG-SUBIF
CONFIG-QINQ-IF
CONFIG-LOOPBACK
CONFIG-PORT-CHANNEL
CONFIG-BRIDGE
Example
esr(config-if-gi)# ipv6 nd reachable-time 27000mac address-table aging-time
The command sets the lifetime of dynamic MAC addresses in forwarding table.
The use of a negative form (no) of the command sets the default 'aging time'.
Syntax
mac address-table aging-time <AGING TIME>
[no] mac address-table aging time
Parameters
<AGING TIME> – lifetime of dynamic MAC addresses, in seconds. Allowed values:
- ESR-1000/1200/1500/1511/1700 – from 10 to 630 seconds. If set to 0, the timer is off.
- ESR-10/12V/12VF/14VF/20/21/100/200 – from 20 to 630 seconds.
Default value
300
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# mac address-table aging-time 30mac address-table save-secure-freq
In the current firmware version, the command is supported only by ESR-1000 routers
The command sets the frequency of saving secure MAC addresses list.
The use of a negative form (no) of the command sets the default 'mac address-table save-secure-freq' value.
Syntax
mac address-table save-secure-freq <SAVE-SECURE-FREQ>
[no] mac address-table save-secure-freq
Parameters
<SAVE-SECURE-FREQ> – frequency of saving secure MAC addresses list, takes the value of [600..86400] seconds.
Default value
1200 seconds
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# mac address-table save-secure-freq 650port-security max
In the current firmware version, this functionality is supported only by ESR-1000 router.
The command sets the maximum number of MAC addresses allowed to be stored on port.
The use of a negative form (no) of the command disables 'port-security'.
Syntax
port-security max <MAX>
no port-security max
Parameters
<MAX> – maximum amount of MAC addresses to be stored by port, takes the values of [1..1024].
Required privilege level
15
Command mode
CONFIG-GI
CONFIG-TE
Example
esr(config-if-gi)# port-security max 1port-security mode
In the current firmware version, this functionality is supported only by ESR-1000 router.
The command configures 'port-security' mode.
The use of a negative form (no) of the command disables the security mode.
Syntax
port-security mode [<OPTIONS>]
no port-security mode
Parameters
<OPTIONS> – parameters of command to select 'port-security' mode:
limited – when enabling the mode:
- all learned MAC addresses are removed from a port;
- amount of addresses that port can store is limited by the current configuration;
- MAC addresses are not saved between hard resets;
- MAC addresses storage time depends on the lifetime of dynamic MAC addresses in forwarding table.
lock – when enabling the mode:
- all learned MAC addresses are saved on a port;
- port does not store new addresses;
- MAC addresses are saved between hard resets;
- MAC addresses storage time depends on the lifetime of dynamic MAC addresses in forwarding table.
secure-delete-on-reset – when enabling the mode:
- all learned MAC addresses are removed from a port;
- amount of addresses that port can store is limited by the current configuration;
- MAC addresses are not saved between hard resets;
- MAC addresses storage time does not depend on the lifetime of dynamic MAC addresses in forwarding table.
secure-permanent – when enabling the mode:
- all learned MAC addresses are removed from a port;
- amount of addresses that port can store is limited by the current configuration;
- MAC addresses are saved between hard resets;
- MAC addresses storage time does not depend on the lifetime of dynamic MAC addresses in forwarding table.
Required privilege level
15
Command mode
CONFIG-GI
CONFIG-TE
Example
esr(config-if-gi)# port-security mode secure-delete-on-reset
esr(config-if-gi)# port-security mode secure-permanentport-security unknown-sa-action
In the current firmware version, this functionality is supported only by ESR-1000 router.
The command prohibits the transmission of packets with unknown MAC addresses.
The use of a negative form (no) of the command enables the transmission of packets with unknown MAC addresses.
Syntax
port-security unknown-sa-action discard
no port-security unknown-sa-action
Required privilege level
15
Command mode
CONFIG-GI
CONFIG-TE
Example
esr(config-if-gi)# port-security unknown-sa-action discardshow arp
The commands displays ARP table.
Syntax
show arp [<OPTIONS>]
Parameters
<options> – command parameters for detailed information, optional parameter:
- <VRF> – VRF instance name, set by the string of up to 31 characters. When specifying this parameter, ARP table will be displayed in a specified VRF;
- <IF> – name of an interface or a list of interfaces is specified in the form described in Section Types and naming order of router interfaces. Only information on specified interfaces is displayed;
- <TUN> – names of tunnels are specified as described in section Types and naming order of router tunnels.
- mac-address <MAC> – MAC address to be searched, defined as XX:XX:XX:XX:XX:XX where each part takes the values of [00..FF];
- ip-address <ADDR> – IP address to be searched, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255].
Required privilege level
1
Command mode
ROOT
Example
esr# show arp
Interface IP address MAC address State Age(min)
--------------- --------------- ----------------- --------------- ----------
bridge 1 192.168.1.1 a8:f9:4b:aa:00:40 -- --
gi1/0/5 10.255.100.1 d8:50:e6:d2:f0:46 reachable 2
gi1/0/5 10.255.100.5 a8:f9:4b:aa:00:45 -- --show arp configuration
The command displays the values of ARP table entries lifetime.
Syntax
show arp configuration <IF>
Parameters
<IF> – system interface names, specified in the form described in Section Types and naming order of router interfaces;
Required privilege level
1
Command mode
ROOT
Example
esr# sh arp configuration gigabitethernet 1/0/1-5
Globally configured ARP reachable time is 6000 msec
Interface ARP reachable time, msec
--------------- -------------------------
gi1/0/1 6000
gi1/0/2 6000
gi1/0/3 6000
gi1/0/4 6000
gi1/0/4 6000show ipv6 neighbors
The command displays IPv6 Neighbor Discovery tables.
Syntax
show ipv6 neighbors [<OPTIONS>]
Parameters
<OPTIONS> – command parameters for detailed information, optional parameter:
- <VRF> – VRF instance name, set by the string of up to 31 characters. When specifying this parameter, IPv6 Neighbor Discovery table will be displayed in a specified VRF;
- <IF> – name of an interface or a list of interfaces is specified in the form described in Section Types and naming order of router interfaces. Only information on specified interfaces is displayed;
- mac-address <MAC> – MAC address to be searched, defined as XX:XX:XX:XX:XX:XX where each part takes the values of [00..FF];
- ipv6-address <IPV6-ADDR> – IPv6 address to be searched, defined as X:X:X:X::X where each part takes values in hexadecimal format [0..FFFF].
Required privilege level
1
Command mode
ROOT
Example
esr# show ipv6 neighbors
Interface IPv6 address MAC address State Age(min)
--------------- ------------------------- ----------------- --------------- ----------
gi1/0/5 fc00::1 d8:50:e6:d2:f0:46 reachable 1
gi1/0/5 fc00::2 a8:f9:4b:aa:00:45 -- --
bridge 1 fe80::aaf9:4bff:feaa:40 a8:f9:4b:aa:00:40 -- --
bridge 2 fe80::aaf9:4bff:feaa:40 a8:f9:4b:aa:00:40 -- --
gi1/0/5 fe80::aaf9:4bff:feaa:45 a8:f9:4b:aa:00:45 -- --
gi1/0/5 ff02::16 33:33:00:00:00:16 norarp --
gi1/0/5 ff02::fb 33:33:00:00:00:fb norarp --
gi1/0/5 ff02::1:ff00:1 33:33:ff:00:00:01 norarp --
gi1/0/5 ff02::1:ff00:2 33:33:ff:00:00:02 norarp --show ipv6 neighbors configuration
The command displays the lifetime values of a remote node entry in the ND protocol table.
Syntax
show ipv6 neighbors configuration <IF>
Parameters
<IF> – system interface names, specified in the form described in Section Types and naming order of router interfaces.
Required privilege level
1
Command mode
ROOT
Example
esr# sh ipv6 neighbors configuration tengigabitethernet 1/0/1-2
Globally configured NDP reachable time is 30000 msec
Interface ND reachable time, msec
--------------- -------------------------
te1/0/1 30000
te1/0/2 30000show mac address-table
The command is used to view the information in the MAC address table.
Syntax
show mac address-table [ { count { bridge <BRIDGE-ID> | l2vpn p2p <P2P-NAME> } | { static | dynamic} { bridge <BRIDGE-ID> | l2vpn p2p <P2P-NAME> | interface { <IF> | host-port <U/S/P> } | tunnel { gre | softgre } <ID> | vlan <VLAN-ID> | mac <MAC-ADDR> <MAC-MASK> } } ]Parameters
- count – show the number of entries in MAC table. The list of MAC addresses is not displayed;
- static – view entries in the MAC address table entered from the router configuration;
- dynamic – view entries in the MAC address table recorded during the MAC address learning;
- <BRIDGE-ID> – bridge ID number, specified in the form described in Section Types and naming order of router interfaces;
- <P2P-NAME> — name of existent p2p service, set by the string of up to 31 characters;
- <IF> – an interface's name, specified in the form described in Section Types and naming order of router interfaces;
- <HOST-U/S/P> – packet processor interface. Specified as unit (1), slot (0) and interface number of the packet processor;
- <ID> – the identifier of the tunnel is specified as described in section Types and naming order of router tunnels;
- <VLAN ID> – VLAN number. It is possible to specify a vlan list using the «,» symbol without spaces, a vlan range using the «-» symbol and/or a combination of lists and ranges;
- <MAC-ADDR> – MAC address to be searched, defined as XX:XX:XX:XX:XX:XX where each part takes the values of [00..FF];
- [MAC-MASK] – MAC address mask, defined as XX:XX:XX:XX:XX:XX where each part takes the values of [00..FF]. Mask bits, set to zero, specify MAC address bits excluded from the comparison when searching. Mask default value: FF:FF:FF:FF:FF:FF.
Required privilege level
10
Command mode
ROOT
Example
esr# show mac address-table
VID MAC Address Interface Type
----- ------------------ ------------------------------ -------
102 a8:f9:4b:aa:44:bb host-port 1/0/2 Dynamic
101 a8:f9:4b:aa:44:bb host-port 1/0/2 Dynamic
100 a8:f9:4b:aa:44:bb host-port 1/0/2 Dynamic
3 valid mac entries