MAC-Scan Configuration
## Introduction

MAC-Scan provides an automatic scanning function to detect the correlation between MAC addresses and IP addresses in the network. When there are terminals that cannot actively send ARP packets and the access devices cannot learn the corresponding ARP entries in a timely manner, other terminals in the network might face communication issues while trying to access these terminals. By enabling the MAC-Scan feature on the corresponding interfaces, the device will send ARP request packets for specific IP addresses based on the information in the SNP table to determine if the corresponding terminal is online.

## Explanation of Principles

The SNP table serves as the primary reference for the MAC-Scan detection feature. MAC-Scan supports the following detection scopes:

- By default, the detection scope of MAC-Scan includes all terminals in the SNP table with the "local" attribute.
- When the "mac scan remote enable" command is enabled, MAC-Scan will detect terminals regardless of whether their attributes are "local" or "remote".

By default, the device sends ARP request packets every 10ms in a loop to all terminals within the detection scope.

When there is a server in the network that requires detection, the device initiates an ARP request packet (op=1) with the following format:

| Source MAC address | Send IP address | Destination MAC address | Destination IP address |
|---|---|---|---|
| 00:00:00:00:00:00 | 192.168.0.1 | ff:ff:ff:ff:ff:ff | 192.168.0.30 |

## MAC-Scan Configuration

| Configure tasks | Instructions |
|---|---|
| Enable MAC-Scan functionality | Required |
| Configure interfaces for detection | Required |
| Configure MAC-Scan detection scope | Optional |
| Configure MAC-Scan detection period | Optional |
| Configure SNP table update based on detection results | Optional |

### Enabling MAC-Scan Function

| Operation | Command | Description |
|---|---|---|
| Enter the system configuration view | `configure terminal` | |
| Enable MAC-Scan function | `mac scan enable` | |

### Configuring Interfaces for Detection

| Operation | Command | Description |
|---|---|---|
| Enter the system configuration view | `configure terminal` | |
| Configure interfaces for detection | `mac scan interface interface name` | |

### Configuring MAC-Scan Detection Scope

If the terminals in the network that need to be detected are fixed and non-migrating, it is recommended to use the default detection range, which only detects terminals with snooping entries marked as local. This narrows the detection scope, allowing terminals to come online more quickly.

When there are mobile terminals in the network that do not actively request the gateway, you can expand the detection range to remote, which will detect all terminals in the snooping table, regardless of whether they are marked as local or remote.

Additionally, MAC-Scan supports detection based on subnet range. If there are many silent terminals under a particular subnet that rely on detection to come online, you can configure subnet-based detection as needed.

| Operation | Command | Description |
|---|---|---|
| Enter the system configuration view | `configure terminal` | |
| Configure the detection scope for global scanning | `mac scan remote enable` | |
| Configure the detection IP range | `mac scan ip ranges` | Specify a single IP, such as A.B.C.D. Specify a range of IP addresses between two values, such as from A.B.C.D to A.B.C.D. Specify an IP network, such as A.B.C.D/M. Specify a range of IP addresses within a subnet, such as A.B.C.D/M A.B.C.D/M. |

### Configuring MAC-Scan Detection Period

Users can configure the MAC-Scan transmission interval based on the number of terminals they need to detect online. A detection packet will be sent every configured interval to cyclically scan all terminals in the SNP table. Please note that the detection process involves CPU-generated ARP packets, which might lead to an increase in CPU utilization. It's important to choose an appropriate detection period.

| Operation | Command | Description |
|---|---|---|
| Enter the system configuration view | `configure terminal` | |
| Configure the detection period | `mac scan period time` | |

### Configuring Updating SNP Table Entries Based on Detection Results

By default, devices only delete SNP table entries when they receive DHCP release packets or when the entries reach their aging time. If a device disconnects from the network without sending a release packet, it may leave unused SNP table entries behind. To address this, you can enable a feature that actively deletes SNP table entries for local attributes if no response is received after three detection attempts. This action does not impact statically bound table entries.

| Operation | Command | Description |
|---|---|---|
| Enter the system configuration view | `configure terminal` | |
| Configure updating SNP table entries based on detection results | `mac scan no response delete` | |

## Display and Maintenance

| Operation | Command | Description |
|---|---|---|
| Display MAC-Scan configuration | `show mac scan config` | |

## Configuration Example

### Network Requirements

There is a server in a network, which is a silent terminal and does not actively send packets to the outside world. It is required that the server can be online immediately after connecting to the network, so that other users in the network can access the server normally.

### Procedure

1. Configure the access VLAN and interface IP address.

```
# Create VLAN100 and configure the IP address
sonic(config)# vlan 100
sonic(config)# interface ethernet 1
sonic(config if 1)# switchport access vlan 100
sonic(config)# interface vlan 100
sonic(config vlanif 100)# ip address 10.1.2.1/24
# Configure the IP address of the upstream port
sonic(config)# interface ethernet 49
sonic(config if 49)# ip address 10.10.1.2
```

2. Enable DHCP relay function.

```
sonic(config)# dhcp relay test v4
sonic(config dhcp relay test v4)# down link interface vlan 100
sonic(config dhcp relay test v4)# up link interface 49
sonic(config dhcp relay test v4)# server ip 10.10.1.1
sonic(config dhcp relay test v4)# loopback interface loopback 0
sonic(config dhcp relay test v4)# exit
```

3. Enable DHCP snooping function.

```
sonic(config)# dhcp snooping enable
sonic(config)# interface vlan 100
sonic(config vlanif 100)# dhcp snooping enable
# Configure the interface connecting to the DHCP server to be a trusted port
sonic(config)# interface ethernet 49
sonic(config if 49)# dhcp snooping enable
sonic(config if 49)# dhcp snooping trusted
```

4. Enable MAC-Scan function.

```
sonic(config)# mac scan enable
sonic(config)# mac scan interface vlan100
```

### Verify Configuration

Before turning on probing:

```
# Table entries before the probe function is enabled
sonic(config)# do show snooping table
+---------+-------------------+-----------+------------+------------+-----------+---------+
| vlan    | smac              | sip       | lease time | time stamp | switch id | flag    |
+=========+===================+===========+============+============+===========+=========+
| vlan100 | 26:19:86:d3:73:63 | 10.1.2.10 | 6000       | 1679398564 | 10.1.1.1  | local   |
+---------+-------------------+-----------+------------+------------+-----------+---------+
| vlan100 | 00:00:44:01:01:46 | 10.1.2.20 | 6000       | 1679397285 | 10.1.1.1  | local   |
+---------+-------------------+-----------+------------+------------+-----------+---------+
sonic(config)# do show arp
address    macaddress         iface       vlan  type
10.10.1.1  18:17:25:37:65:08  ethernet49        dynamic
```

After turning on probing:

```
sonic(config)# do show arp
address    macaddress         iface       vlan  type
10.1.2.10  26:19:86:d3:73:63  ethernet1   100   dynamic
10.1.2.20  00:00:44:01:01:46  ethernet1   100   dynamic
10.10.1.1  18:17:25:37:65:08  ethernet49        dynamic
```
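
The scope, period and no-response rules described in this guide can be checked offline with the following model, which is an added example and not the vendor's code. All names (`SnpEntry`, `in_scope`, `cycle_seconds`, `scan_pass`) and the last two table rows are constructed, and treating configured subnets as a filter on top of the local/remote scope is an assumption.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class SnpEntry:                 # one row of the snooping (SNP) table
    ip: str
    mac: str
    flag: str                   # "local" or "remote"
    static: bool = False        # statically bound entries are never deleted
    misses: int = 0             # consecutive unanswered ARP probes

def sample_table():
    """Constructed table: first two rows mirror the guide's example, the rest are made up."""
    return [SnpEntry("10.1.2.10", "26:19:86:d3:73:63", "local"),
            SnpEntry("10.1.2.20", "00:00:44:01:01:46", "local"),
            SnpEntry("10.1.2.30", "02:00:00:00:00:30", "local", static=True),
            SnpEntry("10.1.3.40", "02:00:00:00:00:40", "remote")]

def in_scope(e, remote_enabled=False, subnets=()):
    """Local entries only by default; remote too when enabled. Treating configured
    subnets as a further filter is an assumption of this sketch."""
    if e.flag == "remote" and not remote_enabled:
        return False
    addr = ipaddress.ip_address(e.ip)
    return not subnets or any(addr in ipaddress.ip_network(s) for s in subnets)

def cycle_seconds(table, period_ms=10, **scope):
    """One probe per period, so a full pass takes (targets in scope) x period."""
    return sum(in_scope(e, **scope) for e in table) * period_ms / 1000

def scan_pass(table, answered, no_response_delete=False, **scope):
    """One pass over the table; `answered` is the set of IPs that replied."""
    kept = []
    for e in table:
        if in_scope(e, **scope):
            e.misses = 0 if e.ip in answered else e.misses + 1
            stale = e.misses >= 3 and e.flag == "local" and not e.static
            if no_response_delete and stale:
                continue        # removed after three unanswered probes
        kept.append(e)
    return kept

if __name__ == "__main__":
    table = sample_table()
    print("full pass:", cycle_seconds(table), "s")
    for _ in range(3):          # only 10.1.2.10 ever answers
        table = scan_pass(table, {"10.1.2.10"}, no_response_delete=True)
    print([e.ip for e in table])
```

Scaling `cycle_seconds` to the real table size shows how long a silent terminal can wait for its next probe at a given period, which is the trade-off against CPU load noted in the detection period section.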
