MAC-Scan Configuration
MAC-scan provides an automatic scanning function to detect the correlation between MAC addresses and IP addresses in the network. When there are terminals that cannot actively send ARP packets and the access devices cannot learn the corresponding ARP entries in a timely manner, other terminals in the network might face communication issues while trying to access these terminals. By enabling the MAC-scan feature on the corresponding interfaces, the device will send ARP request packets for specific IP addresses based on the information in the SNP table to determine if the corresponding terminal is online.
Explanation of Principles
Section titled “Explanation of Principles”The SNP table serves as the primary reference for the MAC-scan detection feature. MAC-scan supports the following detection scopes:
By default, the detection scope of MAC-scan includes all terminals in the SNP table with the “local” attribute.
When the “mac-scan remote enable” command is enabled, MAC-scan will detect terminals regardless of whether their attributes are “local” or “remote.”
By default, the device sends ARP request packets every 10ms in a loop to all terminals within the detection scope. When there is a server in the network that requires detection, the device initiates an ARP request packet with the following format:
| op=1 | Source MAC address | Send IP address | Destination MAC address | Destination IP address |
|---|---|---|---|---|
| 00-00-00-00-00-00 | 192.168.0.1 | ff-ff-ff-ff-ff-ff | 192.168.0.30 |
MAC-scan Configuration
Section titled “MAC-scan Configuration”| Configure Tasks | Instructions |
|---|---|
| Enable MAC-scan functionality | Required |
| Configure Interfaces for detection | Required |
| Configure MAC-scan detection scope | Optional |
| Configure MAC-scan detection period | Optional |
| Configure SNP table update based on detection results | Optional |
Enabling MAC-scan Function
Section titled “Enabling MAC-scan Function”| Operation | Command | Description |
|---|---|---|
| Enter the system configuration view | configure terminal | |
| Enable MAC-scan function | mac-scan enable |
Configuring Interfaces for Detection
Section titled “Configuring Interfaces for Detection”| Operation | Command | Description |
|---|---|---|
| Enter the system configuration view | configure terminal | |
| Configure Interfaces for Detection | mac-scan interface interface-name |
Configuring MAC-scan detection scope
Section titled “Configuring MAC-scan detection scope”If the terminals in the network that need to be detected are fixed and non-migrating, it is recommended to use the default detection range, which only detects terminals with Snooping entries marked as local. This narrows the detection scope, allowing terminals to come online more quickly.
When there are mobile terminals in the network that do not actively request the gateway, you can expand the detection range to remote, which will detect all terminals in the Snooping table, regardless of whether they are marked as local or remote.
Additionally, MAC-scan supports detection based on subnet range. If there are many silent terminals under a particular subnet that rely on detection to come online, you can configure subnet-based detection as needed.
| Operation | Command | Description |
|---|---|---|
| Enter the system configuration view | configure terminal | |
| Configure the detection scope for global scanning | mac-scan remote enable | |
| Configure the detection IP range | mac-scan ip-ranges | Specify a single IP, such as A.B.C.D Specify a range of IP addresses between two values, such as from A.B.C.D to A.B.C.D Specify an IP network, such as A.B.C.D/M Specify a range of IP addresses within a subnet, such as A.B.C.D/M-A.B.C.D/M |
Configuring MAC-scan detection period
Section titled “Configuring MAC-scan detection period”Users can configure the MAC-scan transmission interval based on the number of terminals they need to detect online. A detection packet will be sent every configured interval to cyclically scan all terminals in the SNP table. Please note that the detection process involves CPU-generated ARP packets, which might lead to an increase in CPU utilization. It’s important to choose an appropriate detection period.
| Operation | Command | Description |
|---|---|---|
| Enter the system configuration view | configure terminal | |
| Configure the detection period | mac-scan period time |
Configuring Updating SNP Table Entries Based on Detection Results
Section titled “Configuring Updating SNP Table Entries Based on Detection Results”By default, devices only delete SNP table entries when they receive DHCP release packets or when the entries reach their aging time. If a device disconnects from the network without sending a release packet, it may leave unused SNP table entries behind. To address this, you can enable a feature that actively deletes SNP table entries for local attributes if no response is received after three detection attempts. This action does not impact statically bound table entries.
| Operation | Command | Description |
|---|---|---|
| Enter the system configuration view | configure terminal | |
| Configure Updating SNP Table Entries Based on Detection Results | mac-scan no-response delete |
Display and Maintenance
Section titled “Display and Maintenance”| Operation | Command | Description |
|---|---|---|
| Display MAC-scan configuration | show mac-scan config |
Configuration Example
Section titled “Configuration Example”Network requirements
There is a server in a network, which is a silent terminal and does not actively send packets to the outside world. It is required that the server can be online immediately after connecting to the network, so that other users in the network can access the server normally.
Procedure
- Configure the access VLAN and interface IP address # Create VLAN100 and configure the IP address
sonic(config)# vlan 100sonic(config)# interface ethernet 1sonic(config-if-1)# switchport access vlan 100sonic(config)# interface vlan 100sonic(config-vlanif-100)# ip address 10.1.2.1/24# Configure the IP address of the upstream port
sonic(config)# interface ethernet 49sonic(config-if-49)# ip address 10.10.1.2- Enable DHCP relay function
sonic(config)# dhcp-relay test v4sonic(config-dhcp-relay-test__v4)# down_link interface vlan 100sonic(config-dhcp-relay-test__v4)# up_link interface 49sonic(config-dhcp-relay-test__v4)# server_ip 10.10.1.1sonic(config-dhcp-relay-test__v4)# loopback_interface loopback 0sonic(config-dhcp-relay-test__v4)# exit- Enable DHCP Snooping function
sonic(config)# dhcp snooping enablesonic(config)# interface vlan 100sonic(config-vlanif-100)# dhcp-snooping enable# Configure the interface connecting to the DHCP Server to be a trusted port
sonic(config)# interface ethernet 49sonic(config-if-49)# dhcp-snooping enablesonic(config-if-49)# dhcp-snooping trusted- Enable MAC-scan function
sonic(config)# mac-scan enablesonic(config)# mac-scan interface Vlan100Verify configuration
- Before turning on probing # Table entries before the probe function is enabled
sonic(config)# do show snooping table+---------+-------------------+-----------+------------+------------+-----------+---------+| vlan | smac | sip | lease_time | time-stamp | switch_id | flag |+=========+===================+===========+============+============+===========+=========+| Vlan100 | 26:19:86:d3:73:63 | 10.1.2.10 | 6000 | 1679398564 | 10.1.1.1 | local |+---------+-------------------+-----------+------------+------------+-----------+---------+| Vlan100 | 00:00:44:01:01:46 | 10.1.2.20 | 6000 | 1679397285 | 10.1.1.1 | local |+---------+-------------------+-----------+------------+------------+-----------+---------+
sonic(config)# do show arpAddress MacAddress Iface Vlan Type-------------- ----------------- ---------- ---- --------10.10.1.1 18:17:25:37:65:08 Ethernet49 - Dynamic- After turning on probing
sonic(config)# do show arpAddress MacAddress Iface Vlan Type-------------- ----------------- ---------- ---- --------10.1.2.10 26:19:86:d3:73:63 Ethernet1 100 Dynamic10.1.2.20 00:00:44:01:01:46 Ethernet1 100 Dynamic10.10.1.1 18:17:25:37:65:08 Ethernet49 - Dynamic