Arp Detection Validate - HP FlexNetwork MSR Series Command Reference Manual
Comware 7 security
Hide thumbs
Also See for FlexNetwork MSR Series:
- Configuration manual (392 pages) ,
- Configuration manuals (159 pages)
Advertisement
undo arp detection trust
Default
An interface is an ARP untrusted interface.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Examples
# Configure GigabitEthernet 1/0/1 as an ARP trusted interface.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] arp detection trust
arp detection validate
Use arp detection validate to enable ARP packet validity check.
Use undo arp detection validate to disable ARP packet validity check.
Syntax
arp detection validate { dst-mac | ip | src-mac } *
undo arp detection validate [ dst-mac | ip | src-mac ] *
Default
ARP packet validity check is disabled.
Views
System view
Predefined user roles
network-admin
Parameters
dst-mac: Checks the target MAC address of ARP responses. If the target MAC address is all-zero,
all-one, or inconsistent with the destination MAC address in the Ethernet header, the packet is
considered invalid and discarded.
ip: Checks the sender and target IP addresses of ARP replies, and the sender IP address of ARP
requests. All-one or multicast IP addresses are considered invalid and the corresponding packets
are discarded.
src-mac: Checks whether the sender MAC address in the message body is identical to the source
MAC address in the Ethernet header. If they are identical, the packet is forwarded. Otherwise, the
packet is discarded.
Usage guidelines
You can specify more than one object to be checked in one command line.
If no keyword is specified, the undo arp detection validate command disables ARP packet validity
check for all objects.
947
Advertisement
