Configuring ARP filtering
Introduction
To prevent gateway spoofing and user spoofing, the ARP filtering feature controls the forwarding of ARP
packets on a port.
The port checks the sender IP and MAC addresses in a received ARP packet against configured ARP
filtering entries. If a match is found, the packet is handled normally. If not, the packet is discarded.
Configuration procedure
Follow these steps to configure ARP filtering:
| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Enter Layer 2 Ethernet interface view/Layer 2 aggregate interface view | interface interface-type interface-number | — |
| Configure an ARP filtering entry | arp filter binding ip-address mac-address | Required. Not configured by default. |
NOTE:
• You can configure up to eight ARP filtering entries on a port.
• The arp filter source and arp filter binding commands cannot both be configured on the same port.
• If ARP filtering works with ARP detection, MFF, and ARP snooping, ARP filtering applies first.
ARP filtering configuration example
Network requirements
As shown in Figure 132, the IP and MAC addresses of Host A are 10.1.1.2 and 000f-e349-1233
respectively. The IP and MAC addresses of Host B are 10.1.1.3 and 000f-e349-1234 respectively.
Configure ARP filtering on Ethernet 1/0/1 and Ethernet 1/0/2 of Switch B to permit specific ARP
packets only.
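
The matching rule and the eight-entry limit described above can be modelled as follows. This is an added Python example, not the switch's own implementation: the class ArpFilterPort, the helpers, and the target address 10.1.1.1 are hypothetical, and discarding truncated or non-IPv4 ARP payloads is an assumption of the model. Host A's binding is taken from the network requirements.

```python
import ipaddress
import struct

MAX_ENTRIES = 8  # per-port limit stated in the NOTE

def mac_bytes(text):
    """Convert the xxxx-xxxx-xxxx notation used on the CLI to 6 raw bytes."""
    raw = bytes.fromhex(text.replace("-", ""))
    if len(raw) != 6:
        raise ValueError("bad MAC address: " + text)
    return raw

def ip_bytes(text):
    return ipaddress.IPv4Address(text).packed

class ArpFilterPort:
    """Hypothetical model of one port's 'arp filter binding' entries."""
    def __init__(self):
        self.bindings = set()

    def add_binding(self, ip, mac):
        entry = (ip_bytes(ip), mac_bytes(mac))
        if entry not in self.bindings and len(self.bindings) >= MAX_ENTRIES:
            raise ValueError("port already holds %d entries" % MAX_ENTRIES)
        self.bindings.add(entry)

    def permits(self, payload):
        """True if the sender IP/MAC pair in the ARP payload matches an entry."""
        if len(payload) < 28:
            return False  # model assumption: truncated payloads are discarded
        htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", payload[:8])
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
            return False  # model assumption: only Ethernet/IPv4 ARP is matched
        sender_mac, sender_ip = payload[8:14], payload[14:18]
        return (sender_ip, sender_mac) in self.bindings

def build_arp(op, s_mac, s_ip, t_mac, t_ip):
    """Build a 28-byte Ethernet/IPv4 ARP payload (constructed sample input)."""
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac_bytes(s_mac) + ip_bytes(s_ip)
            + mac_bytes(t_mac) + ip_bytes(t_ip))

# One port with Host A's binding from the network requirements.
port = ArpFilterPort()
port.add_binding("10.1.1.2", "000f-e349-1233")

# Constructed packets: Host A's own request, and a reply that pairs
# Host A's IP with a different MAC (the mismatch the filter discards).
genuine = build_arp(1, "000f-e349-1233", "10.1.1.2", "0000-0000-0000", "10.1.1.1")
mismatch = build_arp(2, "000f-e349-1234", "10.1.1.2", "000f-e349-1233", "10.1.1.3")

if __name__ == "__main__":
    for name, pkt in (("genuine", genuine), ("mismatch", mismatch)):
        print(name, "forward" if port.permits(pkt) else "discard")
```

Both the IP and the MAC must match the same entry: a packet with a permitted IP but a different sender MAC is discarded, as is any sender pair with no entry on that port.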