Configuring Additional Validation Checks On Arp Packets; Verifying The Configuration Of Dynamic Arp Protection - HP ProCurve 6120G/XG Manual
Hp procurve series 6120 blade switches access security guide
Hide thumbs
Also See for ProCurve 6120G/XG:
- Configuration manual (662 pages) ,
- Manual (469 pages) ,
- Management manual (222 pages)
Table of Contents
Advertisement
Configuring Additional Validation Checks on ARP
Packets
Dynamic ARP protection can be configured to perform additional validation
checks on ARP packets. By default, no additional checks are performed. To
configure additional validation checks, enter the arp-protect validate command
at the global configuration level.
Syntax: [no] arp-protect validate <[src-mac] | [dst-mac] | [ip]>
src-mac
dst-mac
ip
You can configure one or more of the validation checks. The following
example of the arp-protect validate command shows how to configure the
validation checks for source MAC address and destination AMC address:
ProCurve(config)# arp-protect validate src-mac dst-mac
Verifying the Configuration of Dynamic ARP Protection
To display the current configuration of dynamic ARP protection, including the
additional validation checks and the trusted ports that are configured, enter
the show arp-protect command:
Configuring Advanced Threat Protection
(Optional) Drops any ARP request or response
packet in which the source MAC address in the
Ethernet header does not match the sender MAC
address in the body of the ARP packet.
(Optional) Drops any unicast ARP response packet
in which the destination MAC address in the
Ethernet header does not mach the target MAC
address in the body of the ARP packet.
(Optional) Drops any ARP packet in which the
sender IP address is invalid. Drops any ARP
response packet in which the target IP address is
invalid. Invalid IP addresses include: 0.0.0.0,
255.255.255.255, all IP multicast addresses, and
all Class E IP addresses.
Dynamic ARP Protection
10-21
Hide quick links:
Advertisement
Table of Contents
