Configuring Arp Active Acknowledgement; Configuration Procedure; Configuring Authorized Arp - HP A6600 Configuration Manual

Configuring ARP active acknowledgement

The ARP active acknowledgement feature is configured on gateway devices to identify invalid ARP
packets.
ARP active acknowledgement works before the gateway creates or modifies an ARP entry to avoid
generating an incorrect ARP entry. For more information, see ARP Attack Protection Technology White
Paper.

Configuration procedure

To do...
1. Enter system view.
2. Enable the ARP active
acknowledgement function.

Configuring authorized ARP

This feature is only supported on Layer 3 Ethernet interfaces.
For more information about DHCP server and DHCP relay agent, see Layer 3—IP Services Configuration
Guide.
Authorized ARP entries are generated based on the DHCP clients' address leases on the DHCP server or
dynamic bindings on the DHCP relay agent.
After it is enabled with authorized ARP, an interface starts the ARP entry aging detection to detect
unusual logout of users. It is disabled from learning dynamic ARP entries to prevent attacks from
unauthorized clients that send packets using other clients' IP or MAC addresses and allows only
authorized clients to access network resources. Thus network security is enhanced.
NOTE:
Static ARP entries can overwrite authorized ARP entries, and authorized ARP entries can overwrite
dynamic ARP entries. But authorized ARP entries cannot overwrite static ARP entries, and dynamic ARP
entries cannot overwrite authorized ARP entries.

Configuration procedure

To do...
1. Enter system view.
Enter interface view.
2.
3. Configure the DHCP server (or
DHCP relay agent) to support
authorized ARP.
Command...
system-view
arp anti-attack active-ack enable
Command...
system-view
interface interface-type
interface-number
dhcp update arp
419
Remarks
—
Required
Disabled by default
Remarks
—
—
Required.
Not configured by default.