Entries/802.1X Security Entries/Oui Mac Addresses - HP A6600 Configuration Manual


ip—Checks the sender and target IP addresses in an ARP packet. The all-zero, all-one or multicast
IP addresses are considered invalid, and the corresponding packets are discarded. With this object
specified, the sender and target IP addresses of ARP replies, and the source IP address of ARP
requests are checked.
To configure ARP detection based on specified objects:

To do...                                                                  | Command...                                     | Remarks
1. Enter system view.                                                     | system-view                                    | -
2. Enter VLAN view.                                                       | vlan vlan-id                                   | -
3. Enable ARP detection for the VLAN.                                     | arp detection enable                           | Required. Disabled by default.
4. Return to system view.                                                 | quit                                           | -
5. Specify objects for ARP detection.                                     | arp detection validate { dst-mac | ip | src-mac } * | Required. ARP detection is disabled by default.
6. Enter Ethernet interface view.                                         | interface interface-type interface-number      | -
7. Configure the port as a trusted port on which ARP detection does not apply. | arp detection trust                       | Optional. The port is an untrusted port by default.

Enabling ARP detection based on static IP source guard binding entries/DHCP snooping entries/802.1X security entries/OUI MAC addresses

With this feature enabled, the device compares the sender IP and MAC addresses of an ARP packet received from the VLAN against the static IP Source Guard binding entries, DHCP snooping entries, 802.1X security entries, or OUI MAC addresses to prevent spoofing.

After you enable this feature for a VLAN:

1. Upon receiving an ARP packet from an ARP untrusted port, the device compares the sender IP and MAC addresses of the ARP packet against the static IP source guard binding entries. If a match is found, the ARP packet is considered valid and is forwarded. If an entry with a matching IP address but an unmatched MAC address is found, the ARP packet is considered invalid and is discarded. If no entry with a matching IP address is found, the device compares the ARP packet's sender IP and MAC addresses against the DHCP snooping entries, 802.1X security entries, and OUI MAC addresses.
2. If a match is found in any of the entries, the ARP packet is considered valid and is forwarded. ARP detection based on OUI MAC addresses means that if the sender MAC address of the received ARP packet is an OUI MAC address and voice VLAN is enabled, the packet is considered valid.
3. If no match is found, the ARP packet is considered invalid and is discarded.
4. Upon receiving an ARP packet from an ARP trusted port, the device does not check the ARP packet.
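
The check order described for untrusted and trusted ports can be modelled in a few lines. This is an added example, not code from the manual or the device: the class name, the port names, the one-entry-per-IP tables, the three-octet OUI prefix format and all sample addresses are assumptions constructed for illustration. It shows the case that is easy to miss: a static binding with a matching IP but a different MAC causes a discard even when a DHCP snooping entry would have matched.

```python
# Added illustration: models the check order described in the text; not device code.
from dataclasses import dataclass, field

@dataclass
class VlanArpDetection:
    # Each table maps sender IP -> sender MAC (simplification: one entry per IP).
    static_bindings: dict = field(default_factory=dict)  # static IP source guard
    dhcp_snooping: dict = field(default_factory=dict)
    dot1x_entries: dict = field(default_factory=dict)    # 802.1X security entries
    oui_prefixes: set = field(default_factory=set)       # assumed: first 3 octets
    voice_vlan_enabled: bool = False
    trusted_ports: set = field(default_factory=set)

    def check(self, port, sender_ip, sender_mac):
        """Return (verdict, reason) for an ARP packet received on `port`."""
        mac = sender_mac.lower()
        # Trusted ports are exempt from ARP detection.
        if port in self.trusted_ports:
            return "forward", "trusted port, not checked"
        # Static bindings are consulted first and are authoritative for their IP:
        # an IP match with a different MAC is discarded without falling through.
        if sender_ip in self.static_bindings:
            if self.static_bindings[sender_ip].lower() == mac:
                return "forward", "static binding match"
            return "discard", "static binding MAC mismatch"
        # Only when no static entry has this IP are the other sources consulted.
        for name, table in (("DHCP snooping", self.dhcp_snooping),
                            ("802.1X", self.dot1x_entries)):
            if table.get(sender_ip, "").lower() == mac:
                return "forward", name + " entry match"
        # An OUI match counts only while voice VLAN is enabled.
        if self.voice_vlan_enabled and mac[:8] in self.oui_prefixes:
            return "forward", "OUI MAC address with voice VLAN enabled"
        return "discard", "no matching entry"

# Constructed sample state (documentation IPs, locally administered MACs).
VLAN10 = VlanArpDetection(
    static_bindings={"192.0.2.10": "02:00:00:00:00:0a"},
    dhcp_snooping={"192.0.2.10": "02:00:00:00:00:ee",  # conflicts with static entry
                   "192.0.2.20": "02:00:00:00:00:14"},
    oui_prefixes={"02:aa:bb"},
    voice_vlan_enabled=True,
    trusted_ports={"uplink"},
)

if __name__ == "__main__":
    for pkt in [("access1", "192.0.2.10", "02:00:00:00:00:ee"),
                ("access1", "192.0.2.20", "02:00:00:00:00:14"),
                ("access1", "192.0.2.30", "02:AA:BB:00:00:01"),
                ("uplink", "192.0.2.10", "02:00:00:00:00:ee")]:
        print(pkt, "->", VLAN10.check(*pkt))
```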
