src-mac: Checks whether the sender MAC address in the message body is identical to the source
MAC address in the Ethernet header. If they are identical, the packet is forwarded. Otherwise, the
packet is discarded.
Usage guidelines
You can specify more than one object to be checked in one command line.
If no keyword is specified, the undo arp detection validate command disables ARP packet validity
check for all objects.
Examples
# Enable ARP packet validity check by checking the MAC addresses and IP addresses of ARP
packets.
<Sysname> system-view
[Sysname] arp detection validate dst-mac src-mac ip
arp restricted-forwarding enable
Use arp restricted-forwarding enable to enable ARP restricted forwarding.
Use undo arp restricted-forwarding enable to disable ARP restricted forwarding.
Syntax
arp restricted-forwarding enable
undo arp restricted-forwarding enable
Default
ARP restricted forwarding is disabled.
Views
VLAN view
Predefined user roles
network-admin
Examples
# Enable ARP restricted forwarding in VLAN 2.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] arp restricted-forwarding enable
display arp detection
Use display arp detection to display the VLANs enabled with ARP attack detection.
Syntax
display arp detection
Views
Any view
Predefined user roles
network-admin
network-operator
1116