Example: Configuring ARP sender IP address checking
Network configuration
As shown in Figure 167, perform the following tasks:
Create a super VLAN and associate it with VLANs 2, 3, and 4. VLANs 2, 3, and 4 are isolated at Layer 2 but interoperable at Layer 3. All hosts in VLANs 2, 3, and 4 use the gateway IP address 10.1.1.1/24 for Layer 3 communication.
Configure the ARP sender IP address checking feature in VLAN 2 and specify the sender IP address range 10.1.1.1 to 10.1.1.10.
Figure 167: Network diagram
Procedure
# Create VLAN 10.
<Device> system-view [Device] vlan 10 [Device-vlan10] quit
# Create VLAN-interface 10, and assign IP address 10.1.1.1/24 to it.
[Device] interface vlan-interface 10 [Device-Vlan-interface10] ip address 10.1.1.1 255.255.255.0 [Device] quit
# Create VLAN 2, and assign HundredGigE 1/0/1 and HundredGigE 1/0/2 to the VLAN.
[Device] vlan 2 [Device-vlan2] port hundredgige 1/0/1 hundredgige 1/0/2 [Device-vlan2] quit
# Create VLAN 3, and assign HundredGigE 1/0/3 and HundredGigE 1/0/4 to the VLAN.
[Device] vlan 3 [Device-vlan3] port hundredgige 1/0/3 hundredgige 1/0/4 [Device-vlan3] quit
# Create VLAN 4, and assign HundredGigE 1/0/5 and HundredGigE 1/0/6 to the VLAN.
[Device] vlan 4 [Device-vlan4] port hundredgige 1/0/5 hundredgige 1/0/6 [Device-vlan4] quit
# Configure VLAN 10 as a super VLAN, and associate sub-VLANs 2, 3, and 4 with the super VLAN.
[Device] vlan 10 [Device-vlan10] supervlan [Device-vlan10] subvlan 2 3 4 [Device-vlan10] quit
# Enable the ARP sender IP address checking feature in VLAN 2 and specify the IP address range 10.1.1.1 to 10.1.1.10.
[Device] vlan 2 [Device-vlan2] arp sender-ip-range 10.1.1.1 10.1.1.10
Verifying the configuration
# Verify that the device accepts only ARP packets whose sender IP addresses are within the specified address range 10.1.1.1 to 10.1.1.10. The device discards the ARP packets with the sender IP addresses that are out of the range.