Configuring ARP filtering
Introduction
To prevent gateway spoofing and user spoofing, the ARP filtering feature controls the forwarding of ARP
packets on a port.
The port checks the sender IP and MAC addresses in a received ARP packet against configured ARP
filtering entries. If a match is found, the packet is handled normally. If not, the packet is discarded.
Configuration procedure
Follow these steps to configure ARP filtering:
To do...
Enter system view
Enter Layer 2 Ethernet port
view/Layer 2 aggregate interface
view
Configure an ARP filtering entry
NOTE:
You can configure up to eight ARP filtering entries on a port.
•
Commands arp filter source and arp filter binding cannot be both configured on a port.
•
If ARP filtering works with ARP detection or ARP snooping, ARP filtering applies first.
•
ARP filtering configuration example
Network requirements
As shown in
respectively. The IP and MAC addresses of Host B are 10.1.1.3 and 000f-e349- 1 234 respectively.
Configure ARP filtering on GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 of Switch B to permit
specific ARP packets only.
Use the command...
system-view
interface interface-type interface-number
arp filter binding ip-address
mac-address
Figure 1
15, the IP and MAC addresses of Host A are 10.1.1.2 and 000f-e349- 1 233
317
Remarks
—
—
Required
Not configured by default.