Ignoring ingress ports of ARP packets during user validity check

About ignoring ingress ports of ARP packets during user validity check

ARP attack detection performs user validity check on ARP packets from ARP untrusted interfaces. The sender IP and sender MAC in the received ARP packet are compared with the entries used for user validity check. In addition, user validity check compares the ingress port of the ARP packet with the port in the entries. If no matching port is found, the ARP packet is discarded. For more information about user validity check, see "Configuring user validity check."

Procedure

  1. Enter system view.

    system-view

  2. Ignore ingress ports of ARP packets during user validity check.

    arp detection port-match-ignore

    By default, ingress ports of ARP packets are checked during user invalidity.