To do…                    Use the command…    Remarks
Return to system view     quit                —
Enable fixed ARP          arp fixup           Required
NOTE:
• IP addresses existing in ARP entries are not scanned.
• ARP automatic scanning may take some time. To stop an ongoing scan, press Ctrl + C. Dynamic ARP
entries are created based on ARP replies received before the scan is terminated.
• The static ARP entries changed from dynamic ARP entries have the same attributes as the manually
configured static ARP entries.
• Use the arp fixup command to change the existing dynamic ARP entries into static ARP entries. You can
use this command again to change the dynamic ARP entries learned later into static ARP entries.
• The number of static ARP entries changed from dynamic ARP entries is restricted by the number of static
ARP entries that the device supports. As a result, the device may fail to change all dynamic ARP entries
into static ARP entries.
• To delete a specific static ARP entry changed from a dynamic one, use the undo arp ip-address
[ vpn-instance-name ] command. To delete all such static ARP entries, use the reset arp all or reset arp
static command.
Configuring ARP gateway protection
Introduction
The ARP gateway protection feature, when configured on ports that are not connected to the gateway, can
block gateway spoofing attacks.
When such a port receives an ARP packet, it checks whether the sender IP address in the packet matches
the IP address of any protected gateway. If it does, the port discards the packet. If not, it handles the
packet normally.
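The check described above, modelled in Python as an added example (not vendor code and not part of the original guide). The addresses, MAC values and function names are constructed for illustration; the model shows that only the sender IP field decides the outcome.

```python
import ipaddress
import struct

# Ethernet/IPv4 ARP payload: htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FMT)  # 28 bytes

def build_arp(oper, sha, spa, tha, tpa):
    """Build a constructed ARP payload for the samples below."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: ipaddress.IPv4Address(a).packed
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac(sha), ip(spa), mac(tha), ip(tpa))

def sender_ip(payload):
    """Extract the sender protocol (IP) address from an ARP payload."""
    if len(payload) < ARP_LEN:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, _op, _sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP payload")
    return ipaddress.IPv4Address(spa)

def port_verdict(payload, protected_gateways):
    """Discard if the sender IP is a protected gateway, else handle normally."""
    gateways = {ipaddress.IPv4Address(g) for g in protected_gateways}
    return "discard" if sender_ip(payload) in gateways else "forward"

# Constructed samples (documentation addresses, locally administered MACs).
PROTECTED = ["192.0.2.1"]  # assumed gateway address configured on the port
HOST_MAC, PEER_MAC, ZERO = "02:00:00:00:00:50", "02:00:00:00:00:51", "00:00:00:00:00:00"
SAMPLES = {
    # Host claims the gateway's IP as sender in a reply (opcode 2).
    "spoofed reply": build_arp(2, HOST_MAC, "192.0.2.1", PEER_MAC, "192.0.2.51"),
    # Same claim sent as a gratuitous request (opcode 1): sender IP still matches.
    "gratuitous request": build_arp(1, HOST_MAC, "192.0.2.1", ZERO, "192.0.2.1"),
    # Host resolving the gateway: the gateway IP is only the target, so it passes.
    "normal request": build_arp(1, HOST_MAC, "192.0.2.50", ZERO, "192.0.2.1"),
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:20} -> {port_verdict(payload, PROTECTED)}")
```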
Configuration procedure
Follow these steps to configure ARP gateway protection:
To do…                                Use the command…                             Remarks
Enter system view                     system-view                                  —
Enter Layer 2 Ethernet interface      interface interface-type interface-number    —
view/Layer 2 aggregate interface
view
Enable ARP gateway protection for     arp filter source ip-address                 Required. Disabled by default.
a specified gateway