Parameters
None
Description
Use arp anti-attack active-ack enable to enable the ARP active acknowledgement function.
Use undo arp anti-attack active-ack enable to restore the default.
By default, the ARP active acknowledgement function is disabled.
This feature is configured on gateway devices to identify invalid ARP packets.
Examples
# Enable the ARP active acknowledgement function.
<Sysname> system-view
[Sysname] arp anti-attack active-ack enable
ARP detection configuration commands
arp detection
Syntax
arp detection id-number { permit | deny } ip { any | ip-address [ ip-address-mask ] } mac { any |
mac-address [ mac-address-mask ] } [ vlan vlan-id ]
undo arp detection id-number
Views
System view
Default level
2: System level
Parameters
id-number: Specifies the ID of the rule, in the range of 0 to 51 1. A lower value refers to a higher priority.
deny: Denies ARP packets matching the rule.
permit: Permit ARP packets matching the rule.
ip { any | ip-address [ ip-address-mask ] }: Specifies an IP address range for matching sender IP
addresses of ARP packets.
any: Matches any sender IP address.
•
ip-address: Matches the specified sender IP address.
•
•
ip-address-mask: Specifies a mask for the IP address, in dotted-decimal format. The ip-address
argument without a mask indicates a host address.
mac { any | mac-address [ mac-address-mask ] }: Specifies a MAC address range for matching sender
MAC addresses of ARP packets.
•
any: Matches any sender MAC address.
mac-address: Matches the specified sender MAC address, in the format of H-H-H.
•
mac-address-mask: Specifies a mask for the MAC address, in the format of H-H-H.
•
259