[x]

ARP detection configuration commands > arp detection validate

 

 Next

arp detection validate

Syntax

arp detection validate { dst-mac | ip | src-mac } *

undo arp detection validate [ dst-mac | ip | src-mac ] *

View

System view

Default level

2: System level

Parameters

dst-mac: Checks the target MAC address of ARP responses. If the target MAC address is all-zero, all-one, or inconsistent with the destination MAC address in the Ethernet header, the packet is considered invalid and discarded.

ip: Checks the source and destination IP addresses of ARP packets. The all-zero, all-one or multicast IP addresses are considered invalid and the corresponding packets are discarded. With this keyword specified, the source and destination IP addresses of ARP replies, and the source IP address of ARP requests will be checked.

src-mac: Checks whether the sender MAC address of an ARP packet is identical to the source MAC address in the Ethernet header. If they are identical, the packet is considered valid. Otherwise, the packet is discarded.

Description

Use arp detection validate to configure ARP detection based on specified objects. You can specify one or more objects in one command line.

Use undo arp detection validate to remove detected objects. If no keyword is specified, all detected objects are removed.

By default, ARP detection based on specified objects is disabled.

Examples

# Enable the checking of the MAC addresses and IP addresses of ARP packets.

<Sysname> system-view
[Sysname] arp detection validate dst-mac src-mac ip

prev

 

up

 next

arp detection trust 

home

 arp restricted-forwarding enable

© Copyright 2016 Hewlett Packard Enterprise Development LP