Configuring Arp Packet Source Mac Address Consistency Check; Configuration Procedure; Configuring Arp Active Acknowledgement; Configuring Arp Detection - HP A5830 Series Configuration Manual

[Device] arp anti-attack source-mac aging-time 60
# Configure 0012-3f86-e94c as a protected MAC address.
[Device] arp anti-attack source-mac exclude-mac 0012-3f86-e94c
Configuring ARP packet source MAC address
consistency check
The ARP packet source MAC address consistency check feature enables a gateway device to filter out
ARP packets that have a different source MAC address in the Ethernet header from the sender MAC
address in the message, so that the gateway device can learn correct ARP entries.

Configuration procedure

To enable ARP packet source MAC address consistency check:
To do...
1. Enter system view.
2. Enable ARP packet source MAC
address consistency check.

Configuring ARP active acknowledgement

The ARP active acknowledgement feature is configured on gateway devices to identify invalid ARP
packets.
ARP active acknowledgement works before the gateway creates or modifies an ARP entry to avoid
generating an incorrect ARP entry. For more information about its working mechanism, see ARP Attack
Protection Technology White Paper.
Configuration procedure
To configure ARP active acknowledgement:
To do...
1. Enter system view.
2. Enable the ARP active
acknowledgement function.

Configuring ARP detection

The ARP detection feature is mainly configured on an access device to allow only the ARP packets of
authorized clients to be forwarded and to prevent user spoofing and gateway spoofing.
ARP detection includes ARP detection based on static IP source guard binding entries/DHCP snooping
entries/802.1X security entries, ARP detection based on specified objects, and ARP restricted
forwarding.
Use the command...
system-view
arp anti-attack valid-check enable
Use the command...
system-view
arp anti-attack active-ack enable
229
Remarks
—
Required
Disabled by default
Remarks
—
Required
Disabled by default