ip: Checks the sender and target IP addresses in an ARP packet. Any all-zero, all-one or multicast IP
•
addresses are considered invalid and the corresponding packets are discarded. With this object
specified, the sender and target IP addresses of ARP replies, and the source IP address of ARP
requests are checked.
Follow these steps to configure ARP detection based on specified objects:
To do...
Enter system view
Enter VLAN view
Enable ARP detection for the VLAN
Return to system view
Specify the objects to be checked
Enter Layer 2 Ethernet port/Layer 2
aggregate interface view
Configure the port as a trusted port
on which ARP detection does not
apply
Configuring ARP restricted forwarding
ARP restricted forwarding controls the forwarding of ARP packets that are received on untrusted ports
and have passed ARP detection in the following cases:
If the packets are ARP requests, they are forwarded through the trusted ports.
•
If the packets are ARP responses, they are forwarded according to their destination MAC address.
•
If no match is found in the MAC address table, they are forwarded through the trusted ports.
Before performing the following configuration, make sure you have configured the arp detection enable
command.
Follow these steps to enable ARP restricted forwarding:
To do...
Enter system view
Enter VLAN view
Enable ARP restricted forwarding
Displaying and maintaining ARP detection
To do...
Display the VLANs enabled
with ARP detection
Use the command...
system-view
vlan vlan-id
arp detection enable
quit
arp detection validate { dst-mac |
ip | src-mac } *
interface interface-type
interface-number
arp detection trust
Use the command...
system-view
vlan vlan-id
arp restricted-forwarding enable
Use the command...
display arp detection [ | { begin | exclude |
include } regular-expression ]
340
Remarks
—
—
Required
Disabled by default.
—
Required
Disabled by default.
—
Optional
The port is an untrusted port by
default.
Remarks
—
—
Required
Disabled by default.
Remarks
Available in any view