HP 6125XLG R2306-HP 6125XLG Blade Switch Security Command Reference - Page 224
arp detection validate, arp restricted-forwarding enable, Syntax, Default, Views
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 224 highlights
arp detection validate Use arp detection validate to enable ARP packet validity check. You can specify one or more objects to be checked in one command line. Use undo arp detection validate to disable ARP packet validity check. If you do not specify any keyword, this command deletes all objects. Syntax arp detection validate { dst-mac | ip | src-mac } * undo arp detection validate [ dst-mac | ip | src-mac ] * Default ARP packet validity check is disabled. Views System view Predefined user roles network-admin Parameters dst-mac: Checks the target MAC address of ARP responses. If the target MAC address is all-zero, all-one, or inconsistent with the destination MAC address in the Ethernet header, the packet is considered invalid and discarded. ip: Checks the sender and target IP addresses of ARP replies, and the sender IP address of ARP requests. All-zero, all-one, or multicast IP addresses are considered invalid and the corresponding packets are discarded. src-mac: Checks whether the sender MAC address in the message body is identical to the source MAC address in the Ethernet header. If they are identical, the packet is forwarded. Otherwise, the packet is discarded. Examples # Enable ARP packet validity check by checking the MAC addresses and IP addresses of ARP packets. system-view [Sysname] arp detection validate dst-mac src-mac ip arp restricted-forwarding enable Use arp restricted-forwarding enable to enable ARP restricted forwarding. Use undo arp restricted-forwarding enable to disable ARP restricted forwarding. Syntax arp restricted-forwarding enable undo arp restricted-forwarding enable Default ARP restricted forwarding is disabled. 215