Configuring Arp Detection; Configuring Arp Detection Based On Specified Objects - HP A6600 Configuration Manual


3. Configure Router C.
<RouterC> system-view
[RouterC] ip route-static 10.1.1.0 24 10.10.1.1
[RouterC] interface gigabitethernet1/0/2
[RouterC-GigabitEthernet1/0/2] ip address dhcp-alloc
[RouterC-GigabitEthernet1/0/2] quit
4. After Router C obtains the IP address from Router A, display the authorized ARP information on
Router B.
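[RouterB] display arp all
                Type: S-Static    D-Dynamic    A-Authorized
IP Address       MAC Address     VLAN ID  Interface        Aging Type
10.10.1.2        0012-3f86-e94c  N/A      GE1/0/2          2     A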
From the output, you can see that Router A assigned an IP address of 10.10.1.2 to Router C.
Router C must use the IP address and MAC address that are consistent with those in the authorized ARP
entry to communicate with Router B. Otherwise, the communication fails. Thus the client validity is
ensured.
If Router C fails, Router B deletes the authorized ARP entry associated with Router C after the aging timer
expires.

Configuring ARP detection

This feature is available only when SAP boards operate at Layer 2.
The ARP detection feature is mainly configured on an access device to allow only the ARP packets of
authorized clients to be forwarded and to prevent user spoofing and gateway spoofing.
ARP detection includes ARP detection based on specified objects, ARP detection based on static IP
source guard binding entries/DHCP snooping entries/802.1X security entries/OUI MAC addresses,
and ARP restricted forwarding.
NOTE:
If both the ARP detection based on specified objects and the ARP detection based on static IP Source
Guard binding entries/DHCP snooping entries/802.1X security entries/OUI MAC addresses are
enabled, the former one applies first, and then the latter applies.

Configuring ARP detection based on specified objects

With this feature configured, the device permits the ARP packets received from an ARP trusted port to
pass directly and checks the ARP packets received from an ARP untrusted port. You can specify the objects
in the ARP packets to be detected. The objects include:
• src-mac—Checks whether the sender MAC address of an ARP packet is identical to the source
  MAC address in the Ethernet header. If they are identical, the packet is forwarded. Otherwise, the
  packet is discarded.
• dst-mac—Checks the target MAC address of ARP replies. If the target MAC address is all-zero,
  all-one, or inconsistent with the destination MAC address in the Ethernet header, the packet is
  considered invalid and is discarded.
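
The src-mac and dst-mac checks described above, applied to constructed frames. This is an added example, not code from the manual or the device. The function names, verdict strings and the peer and mismatched MAC/IP values are assumptions (only the 10.10.1.2 / 0012-3f86-e94c pair comes from this page), and frames are assumed to be untagged Ethernet II.

```python
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
ALL_ZERO, ALL_ONE = bytes(6), b"\xff" * 6

def mac(text):
    """Convert the manual's xxxx-xxxx-xxxx MAC notation to 6 raw bytes."""
    return bytes.fromhex(text.replace("-", ""))

def build_frame(eth_dst, eth_src, oper, sha, spa, tha, tpa):
    """Build an untagged Ethernet II frame carrying an IPv4 ARP packet."""
    eth = struct.pack("!6s6sH", eth_dst, eth_src, 0x0806)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper, sha, spa, tha, tpa)
    return eth + arp

def check_arp(frame, trusted_port, objects=("src-mac", "dst-mac")):
    """Return (verdict, reason) for one frame received on a port."""
    if trusted_port:                      # trusted ports pass directly
        return "forward", "trusted port"
    if len(frame) < 42:
        raise ValueError("too short for Ethernet + ARP")
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        raise ValueError("not an ARP frame")
    # Skip htype/ptype/hlen/plen (6 bytes), then opcode and the address fields.
    oper, sha, _spa, tha, _tpa = struct.unpack("!6xH6s4s6s4s", frame[14:42])
    if "src-mac" in objects and sha != eth_src:
        return "discard", "src-mac"
    if "dst-mac" in objects and oper == ARP_REPLY:   # replies only
        if tha in (ALL_ZERO, ALL_ONE) or tha != eth_dst:
            return "discard", "dst-mac"
    return "forward", "checks passed"

# Constructed sample data: CLIENT uses the address pair from the display
# output on this page; PEER, OTHER and IP_PEER are made-up values.
CLIENT, PEER, OTHER = mac("0012-3f86-e94c"), mac("0000-5e00-5301"), mac("0000-5e00-53ff")
IP_C, IP_PEER = bytes([10, 10, 1, 2]), bytes([10, 10, 1, 9])
SAMPLES = {
    "valid-reply":  build_frame(PEER, CLIENT, ARP_REPLY, CLIENT, IP_C, PEER, IP_PEER),
    "src-mismatch": build_frame(PEER, OTHER, ARP_REPLY, CLIENT, IP_C, PEER, IP_PEER),
    "zero-target":  build_frame(PEER, CLIENT, ARP_REPLY, CLIENT, IP_C, ALL_ZERO, IP_PEER),
    "dst-mismatch": build_frame(ALL_ONE, CLIENT, ARP_REPLY, CLIENT, IP_C, PEER, IP_PEER),
    "request":      build_frame(ALL_ONE, CLIENT, ARP_REQUEST, CLIENT, IP_C, ALL_ZERO, IP_PEER),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:14} {check_arp(frame, trusted_port=False)}")
```

The broadcast request is forwarded even though its target MAC is all-zero, because dst-mac applies only to ARP replies.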
