Configuring Authorized Arp; Configuration Procedure; Configuration Example (On A Dhcp Server) - HPE FlexNetwork 7500 Series Security Configuration Manual

Configuring authorized ARP

Authorized ARP entries are generated based on the DHCP clients' address leases on the DHCP
server or dynamic client entries on the DHCP relay agent. For more information about DHCP server
and DHCP relay agent, see Layer 3—IP Services Configuration Guide.
With authorized ARP enabled, an interface is disabled from learning dynamic ARP entries. This
feature prevents user spoofing and allows only authorized clients to access network resources.

Configuration procedure

To enable authorized ARP:
Step
1. Enter system view.
2. Enter interface view.
3. Enable authorized ARP on
the interface.

Configuration example (on a DHCP server)

Network requirements
As shown in
server) to ensure user validity.
Figure 123 Network diagram
DHCP server
GE1/0/1
10.1.1.1/24
Device A
Configuration procedure
1. Configure Device A:
# Specify the IP address for GigabitEthernet 1/0/1.
<DeviceA> system-view
[DeviceA] interface gigabitethernet 1/0/1
[DeviceA-GigabitEthernet1/0/1] ip address 10.1.1.1 24
[DeviceA-GigabitEthernet1/0/1] quit
# Configure DHCP.
[DeviceA] dhcp enable
[DeviceA] dhcp server ip-pool 1
[DeviceA-dhcp-pool-1] network 10.1.1.0 mask 255.255.255.0
[DeviceA-dhcp-pool-1] quit
Command
system-view
interface interface-type
interface-number
arp authorized enable
Figure 123, configure authorized ARP on GigabitEthernet 1/0/1 of Device A (a DHCP
DHCP client
GE1/0/1
Device B
422
Remarks
N/A
The following interface types are
supported:
•
Layer 3 Ethernet interfaces.
•
Layer 3 Ethernet subinterfaces.
•
Layer 3 aggregate interfaces.
•
Layer 3 aggregate subinterfaces.
•
VLAN interfaces.
By default, authorized ARP is disabled.