Configuring Arp Sender Ip Address Checking - HPE FlexNetwork 10500 Series Security Configuration Manual
Hide thumbs
Also See for FlexNetwork 10500 Series:
- Security command reference (881 pages) ,
- Network management and monitoring command reference (423 pages) ,
- Configuration manual (407 pages)
Table of Contents
Advertisement
Configuring ARP sender IP address checking
This feature allows a gateway to check the sender IP address of an ARP packet in a VLAN before
ARP learning. If the sender IP address is within the allowed IP address range, the gateway continues
ARP learning. If the sender IP address is out of the range, the gateway determines the ARP packet
as an attack packet and discards it.
When you configure the ARP sender IP address checking feature in a VLAN, follow these restrictions
and guidelines:
•
If the VLAN is a sub-VLAN and is associated with a super VLAN, configure this checking feature
only in the sub-VLAN.
•
If Layer 3 communication is configured between the secondary VLANs associated with a
primary VLAN, configure this feature in the primary VLAN. If Layer 3 communication is not
configured between the secondary VLANs associated with a primary VLAN, configure this
feature in the intended VLAN.
To configure the ARP sender IP address checking feature:
Step
1.
Enter system view.
2.
Enter VLAN view.
3.
Enable the ARP sender IP
address checking feature
and specify the IP address
range.
Command
system-view
vlan vlan-id
arp sender-ip-range
start-ip-address end-ip-address
530
Remarks
N/A
N/A
By default, the ARP sender IP
address checking feature is
disabled.
Advertisement
Table of Contents
Troubleshooting
