With ARP detection based on static IP-to-MAC bindings configured, the device, upon receiving an ARP
packet from an ARP trusted/untrusted port, compares the source IP and MAC addresses of the ARP
packet against the static IP-to-MAC bindings.
If an entry with a matching IP address but different MAC address is found, the ARP packet is
considered invalid and discarded.
If an entry with both matching IP and MAC addresses is found, the ARP packet is considered valid
and can pass the detection.
If no match is found, the ARP packet is considered valid and can pass the detection.
Note that: If no IP address is specified in the undo arp detection static-bind command, all configured
static IP-to-MAC bindings are removed.
Examples
# Configure a static IP-to-MAC binding.
<Sysname> system-view
[Sysname] arp detection static-bind 192.168.1.2 2-1-201
arp detection trust
Syntax
arp detection trust
undo arp detection trust
View
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Default Level
2: System level
Parameters
None
Description
Use the arp detection trust command to configure the port as an ARP trusted port.
Use the undo arp detection trust command to configure the port as an ARP untrusted port.
By default, the port is an ARP untrusted port.
Examples
# Configure GigabitEthernet1/0/1 as an ARP trusted port.
<Sysname> system-view
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] arp detection trust
arp detection validate
Syntax
arp detection validate { dst-mac | ip | src-mac } *
2-8