Arp Detection Enable - H3C S3100 Series Command Manual

Command Manual (For Soliton) – ARP
H3C S3100 Series Ethernet Switches
Description
Use the arp check enable command to enable the ARP entry checking function on a
switch.
Use the undo arp check enable command to disable the ARP entry checking function.
With the ARP entry checking function enabled, the switch cannot learn any ARP entry
with a multicast MAC address. Configuring such a static ARP entry is not allowed either;
otherwise, the system prompts error information.
After the ARP entry checking function is disabled, the switch can learn the ARP entry
with a multicast MAC address, and you can also configure such a static ARP entry on
the switch.
By default, the ARP entry checking function is enabled.
Examples
# Disable the ARP entry checking function.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] undo arp check enable

1.1.3 arp detection enable

Syntax
arp detection enable
undo arp detection enable
View
VLAN view
Parameters
None
Description
Use the arp detection enable command to enable the ARP attack detection function
on all ports in the specified VLAN. When receiving an ARP packet from a port in this
VLAN, the switch will check the source IP address, source MAC address, number of the
receiving port, and the VLAN of the port. If the mapping of the source IP address and
source MAC address is not included in the DHCP snooping entries or IP static binding
entries, or the number of the receiving port and the VLAN of the port do not match the
DHCP snooping entries or IP static binding entries, the ARP packet will be discarded.
Use the undo arp detection enable command to disable the ARP attack detection
function on all ports in the specified VLAN.
Chapter 1 ARP Configuration Commands
1-2