arp detection validate
Syntax
arp detection validate { dst-mac | ip | src-mac } *
undo arp detection validate [ dst-mac | ip | src-mac ] *
View
System view
Default level
2: System level
Parameters
dst-mac: Checks the target MAC address of ARP responses. If the target MAC address is all-zero, all-one,
or inconsistent with the destination MAC address in the Ethernet header, the packet is considered invalid
and discarded.
ip: Checks the source and destination IP addresses of ARP packets. The all-zero, all-one or multicast IP
addresses are considered invalid and the corresponding packets are discarded. With this keyword
specified, the source and destination IP addresses of ARP replies, and the source IP address of ARP
requests will be checked.
src-mac: Checks whether the sender MAC address of an ARP packet is identical to the source MAC
address in the Ethernet header. If they are identical, the packet is considered valid; otherwise, the packet
is discarded.
Description
Use the arp detection validate command to configure ARP detection based on specified objects. You can
specify one or more objects in one command line.
Use the undo arp detection validate command to remove detected objects. If no keyword is specified, all
the detected objects are removed.
By default, ARP detection based on specified objects is disabled.
Examples
# Enable the checking of the MAC addresses and IP addresses of ARP packets.
<Sysname> system-view
[Sysname] arp detection validate dst-mac src-mac ip
arp restricted-forwarding enable
Syntax
arp restricted-forwarding enable
undo arp restricted-forwarding enable
View
VLAN view
Default level
2: System level
309