For feedback and comments: |
documentation.feedback@alcatel-lucent.com |
The type of anti-spoof filtering defines what information in the incoming packet is used to generate the criteria to lookup an entry in the anti-spoof filter table. The type parameter (ip, mac, ip-mac) defines the anti-spoof filter type enforced by the SAP when anti-spoof filtering is enabled.The no form of the command disables anti-spoof filtering on the SAP.Configures SAP anti-spoof filtering to use only the source IP address in its lookup. If a static host exists on the SAP without an IP address specified, the anti-spoof ip command will fail.Configures SAP anti-spoof filtering to use only the source MAC address in its lookup. If a static host exists on the SAP without a specified MAC address, the anti-spoof mac command will fail.Configures SAP anti-spoof filtering to use both the source IP address and the source MAC address in its lookup. If a static host exists on the SAP without both the IP address and MAC address specified, the anti-spoof ip-mac command will fail.The type of anti-spoof filtering defines what information in the incoming packet is used to generate the criteria to lookup an entry in the anti-spoof filter table. The type parameter (ip, ip-mac) defines the anti-spoof filter type enforced by the SAP when anti-spoof filtering is enabled.The no form of the command disables anti-spoof filtering on the SAP.Configures SAP anti-spoof filtering to use only the source IP address in its lookup. If a static host exists on the SAP without an IP address specified, the anti-spoof ip command will fail.Configures SAP anti-spoof filtering to use both the source IP address and the source MAC address in its lookup. If a static host exists on the SAP without both the IP address and MAC address specified, the anti-spoof ip-mac command will fail.The no form of the command removes the group name from the configuration.
– STP disabled (can not be enabled)This command indicates whether or not this MAC is protected on the MAC protect list. When enabled, the agent will protect the MAC from being learned or re-learned on a SAP, spoke SDP or mesh-SDP that has restricted learning enabled. The MAC protect list is used in conjunction with restrict-protected-src, restrict-unprotected-dst and auto-learn-mac-protect.[no] auto-learn-mac-protectWhen the restrict-protected-src is enabled on an SHG the action only applies to the associated SAPs (no action is taken by default for spoke SDPs in the SHG). In order to enable this function for spoke SDPs within a SHG, the restrict-protected-src must be enabled explicitly under the spoke-SDP. If required, restrict-protected-src can also be enabled explicitly under specific SAPs within the SHG.The use of “restrict-protected-src discard-frame” is mutually exclusive with both the “restrict-protected-src [alarm-only]” command and with the configuration of manually protected MAC addresses within a given VPLS. “restrict-protected-src discard-frame” can only be enabled on SAPs on FP2 or later hardware or on SDPs where all network interfaces are on FP2 or later hardware.
Default
Default [no] mac-pinningThe age of the MAC address entry in the FIB is set by the age timer. If mac-aging is disabled on a given VPLS service, any MAC address learned on a SAP/SDP with mac-pinning enabled will remain in the FIB on this SAP/SDP forever.ARP replies and requests received on a SAP with arp-reply-agent enabled will be evaluated by the system against the anti-spoof filter entries associated with the ingress SAP (if the SAP has anti-spoof filtering enabled). ARPs from unknown hosts on the SAP will be discarded when anti-spoof filtering is enabled.Static hosts can be defined on the SAP using the host command. Dynamic hosts are enabled on the system by enabling the lease-populate command in the SAP’s dhcp context. In the event that both a static host and a dynamic host share the same IP and MAC address, the VPLS ARP reply agent will retain the host information until both the static and dynamic information are removed. In the event that both a static and dynamic host share the same IP address, but different MAC addresses, the VPLS ARP reply agent is populated with the static host information.The arp-reply-agent command will fail if an existing static host on the SAP does not have both MAC and IP addresses specified. Once the ARP reply agent is enabled, creating a static host on the SAP without both an IP address and MAC address will fail.The no form of the command disables ARP-reply-agent functions for static and dynamic hosts on the SAP.When arp-reply-agent is enabled with sub-ident:
• When sub-ident is not configured, the arp-reply-agent does not attempt to identify the subscriber information for the destination or originating host and will not discard an ARP request based on subscriber information.[no] arp-populateThis command, when enabled, disables dynamic learning of ARP entries. Instead, the ARP table is populated with dynamic entries from the DHCP lease state table (enabled with lease-populate), and optionally with static entries entered with the host command.Enabling the arp-populate command will remove any dynamic ARP entries learned on this interface from the ARP cache.The arp-populate command will fail if an existing static ARP entry exists for this interface.The arp-populate command will fail if an existing static subscriber host on the SAP does not have both MAC and IP addresses specified.Once arp-populate is enabled, creating a static subscriber host on the SAP without both an IP address and MAC address will fail.When arp-populate is enabled, the system will not send out ARP requests for hosts that are not in the ARP cache. Only statically configured and DHCP learned hosts are reachable through an IP interface with arp-populate enabled. The arp-populate command can only be enabled on IES and VPRN interfaces supporting Ethernet encapsulation.Use the no form of the command to disable ARP cache population functions for static and dynamic hosts on the interface. All static and dynamic host information for this interface will be removed from the system’s ARP cache.arp-timeout secondsThis command configures the minimum time in seconds an ARP entry learned on the IP interface will be stored in the ARP table. ARP entries are automatically refreshed when an ARP request or gratuitous ARP is seen from an IP host, otherwise, the ARP entry is aged from the ARP table. If arp-timeout is set to a value of zero seconds, ARP aging is disabled.When the arp-populate and lease-populate commands are enabled on an IES interface, the ARP table entries will no longer be dynamically learned, but instead by snooping DHCP ACK message from a DHCP server. In this case the configured arp-timeout value has no effect.The default value for arp-timeout is 14400 seconds (4 hours).
Values The no form of this command removes the policy name from the group interface configuration.interval interval
Values Defines the action taken on a subscriber host connectivity verification failure for a given host. The remove keyword raises an alarm and removes dhcp-state and releases all allocated resources (queues, table entries and etc.). DHCP release will be signaled to corresponding DHCP server. Static hosts will be never removed. The alarm keyword raises an alarm indicating that the host is disconnected.family family[no] local-proxy-arp[no] remote-proxy-arp[no] qos-route-lookupstatic-arp ip-address ieee-mac-addressThe no form of the command removes a static ARP entry.
Configured by static-arp commands. Learned from DHCP snooping or configured by host commands.A:ALA-A# show service id 100 base ===============================================================================
ARP Table===============================================================================IP Address MAC Address Type Age Interface Port-------------------------------------------------------------------------------101.1.0.1 00:00:66:66:66:01 Other 00h00m00s ies-100-101.1.0.1 1/1/4200.1.1.2 00:00:5e:00:01:64 Other 00h00m00s ies-100-200.1.1.2 1/1/3200.1.1.201 00:00:22:2e:a5:61 Static 00h00m00s ies-100-200.1.1.2 1/1/3200.1.1.202 00:00:22:2e:a5:62 Static 00h00m00s ies-100-200.1.1.2 1/1/3===============================================================================A:ALA-A#