Step
1.
Enter system view.
2.
Enable the ARP active
acknowledgement function.
Configuring authorized ARP
Authorized ARP entries are generated based on the DHCP clients' address leases on the DHCP server or
dynamic client entries on the DHCP relay agent. For more information about DHCP server and DHCP
relay agent, see Layer 3—IP Services Configuration Guide.
With authorized ARP enabled, an interface is disabled from learning dynamic ARP entries to prevent user
spoofing and allows only authorized clients to access network resources.
Configuration procedure
To enable authorized ARP:
Step
1.
Enter system view.
2.
Enter Layer 3 Ethernet
interface/Layer 3 Ethernet
subinterface/Layer 3 aggregate
interface/Layer 3 aggregate
subinterface view/VLAN interface
view.
3.
Enable authorized ARP on the
interface.
Configuration example (on a DHCP server)
Network requirements
As shown in
server) to ensure user validity.
Figure 112 Network diagram
Configuration procedure
1.
Configure Switch A:
# Specify the IP address for Ten-GigabitEthernet 1/0/1.
<SwitchA> system-view
Figure 1
12, configure authorized ARP on Ten-GigabitEthernet 1/0/1 of Switch A (a DHCP
Command
system-view
arp active-ack [ strict ]
enable
Command
system-view
interface interface-type
interface-number
arp authorized enable
333
Remarks
N/A
By default, ARP active acknowledgement
function is disabled.
Remarks
N/A
N/A
By default, authorized ARP is
disabled.