Configuring ARP Sender IP Address Checking - HPE Moonshot 45Gc Security Configuration Manual

Switch module

Figure 129 Network diagram
Configuration procedure
# Configure ARP filtering on Switch B.
<SwitchB> system-view
[SwitchB] interface fortygige 1/1/1
[SwitchB-FortyGigE1/1/1] arp filter binding 10.1.1.2 000f-e349-1233
[SwitchB-FortyGigE1/1/1] quit
[SwitchB] interface fortygige 1/1/2
[SwitchB-FortyGigE1/1/2] arp filter binding 10.1.1.3 000f-e349-1234
Verifying the configuration
# Verify that FortyGigE 1/1/1 permits ARP packets from Host A and discards other ARP packets.
# Verify that FortyGigE 1/1/2 permits ARP packets from Host B and discards other ARP packets.

Configuring ARP sender IP address checking

This feature allows a gateway to check the sender IP address of an ARP packet in a VLAN before
ARP learning. If the sender IP address is within the allowed IP address range, the gateway continues
ARP learning. If the sender IP address is outside the range, the gateway treats the ARP packet
as an attack packet and discards it.
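
The following Python sketch models the check described above. It is an added example, not code from the manual or from the switch software. The allowed range 10.1.1.1 to 10.1.1.20, the function names, and the sample packets are assumptions constructed for illustration. It shows that the field examined is the sender protocol address inside the ARP payload.

```python
import ipaddress
import struct

# Assumed allowed range for the VLAN (constructed values, not from the manual).
RANGE_START = ipaddress.IPv4Address("10.1.1.1")
RANGE_END = ipaddress.IPv4Address("10.1.1.20")

# RFC 826 layout for Ethernet/IPv4: htype, ptype, hlen, plen, oper,
# sender MAC, sender IP, target MAC, target IP (28 bytes in total).
ARP_FMT = "!HHBBH6s4s6s4s"


def parse_arp(payload: bytes):
    """Return (opcode, sender_mac, sender_ip) from an Ethernet/IPv4 ARP payload."""
    if len(payload) < struct.calcsize(ARP_FMT):
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return oper, sha.hex(":"), ipaddress.IPv4Address(spa)


def check_sender_ip(payload: bytes, start=RANGE_START, end=RANGE_END) -> str:
    """Model of the gateway decision: 'learn' if the sender IP is in range."""
    try:
        _oper, _mac, sender_ip = parse_arp(payload)
    except ValueError:
        return "discard"  # assumption: a malformed ARP packet is never learned
    return "learn" if start <= sender_ip <= end else "discard"


def build_arp(oper, sha, spa, tha, tpa) -> bytes:
    """Build a constructed sample ARP payload (MACs in xxxx-xxxx-xxxx form)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       bytes.fromhex(sha.replace("-", "")),
                       ipaddress.IPv4Address(spa).packed,
                       bytes.fromhex(tha.replace("-", "")),
                       ipaddress.IPv4Address(tpa).packed)


# Constructed samples: one sender inside the range, one outside it.
IN_RANGE = build_arp(1, "000f-e349-1233", "10.1.1.2", "0000-0000-0000", "10.1.1.1")
OUT_OF_RANGE = build_arp(2, "000f-e349-1234", "10.1.2.1", "000f-e349-1233", "10.1.1.2")

if __name__ == "__main__":
    for name, pkt in (("in-range", IN_RANGE), ("out-of-range", OUT_OF_RANGE)):
        print(name, parse_arp(pkt)[2], check_sender_ip(pkt))
```
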
When you configure this feature for a VLAN, follow these restrictions and guidelines:
• If the VLAN is a sub-VLAN and associated with a super VLAN, configure this feature only in the sub-VLAN.
• If Layer 3 communication is configured between the secondary VLANs that are associated with a primary VLAN, configure this feature in the primary VLAN. If Layer 3 communication is not configured between the secondary VLANs associated with a primary VLAN, configure this feature in the target VLAN.
To configure ARP sender IP address checking:

| Step | Command | Remarks |
|------|---------|---------|
| 1. Enter system view. | system-view | N/A |
| 2. Enter VLAN view. | vlan vlan-id | N/A |
| 3. Specify the IP address range | arp sender-ip-range | By default, no IP address range is |
