Configuring ARP active acknowledgement
About ARP active acknowledgement
Configure this feature on gateways to prevent user spoofing.
ARP active acknowledgement prevents a gateway from generating incorrect ARP entries.
In strict mode, a gateway performs more strict validity checks before creating an ARP entry:
Upon receiving an ARP request destined for the gateway, the gateway sends an ARP reply but does not create an ARP entry.
Upon receiving an ARP reply, the gateway determines whether it has resolved the sender IP address:
If yes, the gateway performs active acknowledgement. When the ARP reply is verified as valid, the gateway creates an ARP entry.
If no, the gateway discards the packet.
Procedure
Enter system view.
system-view
Enable the ARP active acknowledgement feature.
arp active-ack [ strict ] enable
By default, this feature is disabled.
For ARP active acknowledgement to take effect in strict mode, make sure ARP blackhole routing is enabled.