Arp Packet Source Mac Consistency Check Configuration Commands; Arp Anti-Attack Valid-Ack Enable; Arp Active Acknowledgement Configuration Commands; Arp Anti-Attack Active-Ack Enable - HPE FlexNetwork HSR6800 Security Command Reference

slot slot-number: Specifies a card by its slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The
chassis-number argument specifies the ID of the IRF member device. The slot-number argument
specifies the slot number of the card. (In IRF mode.)
Examples
# Specify the ARP packet rate for the card in slot 1 as 50 pps, and exceeded packets are discarded.
<Sysname> system-view
[Sysname] arp rate-limit rate 50 drop slot 1
ARP packet source MAC consistency check
configuration commands

arp anti-attack valid-ack enable

Use arp anti-attack valid-check enable to enable ARP packet source MAC address consistency
check on the gateway.
Use undo arp anti-attack valid-check enable to restore the default.
Syntax
arp anti-attack valid-check enable
undo arp anti-attack valid-check enable
Default
ARP packet source MAC address consistency check is disabled.
Views
System view
Default command level
2: System level
Usage guidelines
After you execute the arp anti-attack valid-check enable command, the gateway device can filter
out ARP packets with the source MAC address in the Ethernet header different from the sender MAC
address in the ARP message.
Examples
# Enable ARP packet source MAC address consistency check.
<Sysname> system-view
[Sysname] arp anti-attack valid-check enable
ARP active acknowledgement configuration
commands

arp anti-attack active-ack enable

Use arp anti-attack active-ack enable to enable the ARP active acknowledgement function.
Use undo arp anti-attack active-ack enable to restore the default.
460