Example: Configuring authorized ARP on a DHCP server

As shown in Figure 160, configure authorized ARP on HundredGigE 1/0/1 of Device A (a DHCP server) to ensure user validity.

1. Configure Device A:

   # Specify the IP address for HundredGigE 1/0/1.

   <DeviceA> system-view
   [DeviceA] interface hundredgige 1/0/1
   [DeviceA-HundredGigE1/0/1] ip address 10.1.1.1 24
   [DeviceA-HundredGigE1/0/1] quit
   

   # Configure DHCP.

   [DeviceA] dhcp enable
   [DeviceA] dhcp server ip-pool 1
   [DeviceA-dhcp-pool-1] network 10.1.1.0 mask 255.255.255.0
   [DeviceA-dhcp-pool-1] quit
   

   # Enter Layer 3 Ethernet interface view.

   [DeviceA] interface hundredgige 1/0/1
   

   # Enable authorized ARP.

   [DeviceA-HundredGigE1/0/1] arp authorized enable
   [DeviceA-HundredGigE1/0/1] quit
   

2. Configure Device B:

   <DeviceB> system-view
   [DeviceB] interface hundredgige 1/0/1
   [DeviceB-HundredGigE1/0/1] ip address dhcp-alloc
   [DeviceB-HundredGigE1/0/1] quit
   

# Display authorized ARP entry information on Device A.

[DeviceA] display arp all
  Type: S-Static   D-Dynamic   O-Openflow   R-Rule   M-Multiport  I-Invalid
IP Address       MAC Address    SVLAN/VSI Interface/Link ID        Aging Type
10.1.1.2         0012-3f86-e94c N/A       HGE1/0/1                 960   D

The output shows that IP address 10.1.1.2 has been assigned to Device B.

Device B must use the IP address and MAC address in the authorized ARP entry to communicate with Device A. Otherwise, the communication fails. Thus user validity is ensured.