Configuring ARP Detection Based on Specified Objects - HP 12500 Series Configuration Manual


Step                                                                            Command                                              Remarks
5. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view.   interface interface-type interface-number            N/A
6. Configure the port as a trusted port on which ARP detection does not apply.  arp detection trust                                  Optional. The port is an untrusted port by default.

When configuring this feature, you need to configure ARP detection based on at least static IP source guard binding entries, DHCP snooping entries, or 802.1X security entries. Otherwise, all ARP packets received from an ARP untrusted port will be discarded, except the ARP packets with an OUI MAC address as the sender MAC address when voice VLAN is enabled.

When configuring an IP source guard binding entry, you need to specify the VLAN. Otherwise, no ARP packet will pass the ARP detection based on static IP source guard binding entries.

Configuring ARP detection based on specified objects

With this feature configured, the switch permits the ARP packets received from an ARP trusted port, and checks the ARP packets received from an ARP untrusted port. You can specify objects in the ARP packets to be checked. The objects are:

• src-mac—Checks whether the sender MAC address of an ARP packet is identical to the source MAC address in the Ethernet header. If they are identical, the packet is forwarded. Otherwise, the packet is discarded.
• dst-mac—Checks the target MAC address of ARP replies. If the target MAC address is all-zero, all-one, or inconsistent with the destination MAC address in the Ethernet header, the packet is considered invalid and discarded.
• ip—Checks the sender and target IP addresses in an ARP packet. All-zero, all-one, and multicast IP addresses are considered invalid and the corresponding packets are discarded. With this object specified, the sender and target IP addresses of ARP replies, and the source IP address of ARP requests are checked.

To configure ARP detection based on specified objects:

Step                                                                            Command                                              Remarks
1. Enter system view.                                                           system-view                                          N/A
2. Enter VLAN view.                                                             vlan vlan-id                                         N/A
3. Enable ARP detection for the VLAN.                                           arp detection enable                                 Disabled by default.
4. Return to system view.                                                       quit                                                 N/A
5. Specify the objects to be checked.                                           arp detection validate { dst-mac | ip | src-mac } *  N/A
6. Enter Ethernet interface view.                                               interface interface-type interface-number            N/A
7. Configure the port as a trusted port on which ARP detection does not apply.  arp detection trust                                  Optional. The port is an untrusted port by default.
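
The three objects of arp detection validate, written out as an added Python example (not from the manual and not HP's implementation): it parses untagged Ethernet II ARP frames and reports which of the checks described above a frame fails. The function names and the sample frames are constructed for illustration.

```python
import ipaddress
import struct
ZERO_MAC, ONES_MAC = bytes(6), b"\xff" * 6

def build(eth_dst, eth_src, op, sha, spa, tha, tpa):  # constructed sample frame
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: ipaddress.IPv4Address(s).packed
    hdr = struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
    return mac(eth_dst) + mac(eth_src) + hdr + mac(sha) + ip(spa) + mac(tha) + ip(tpa)

def parse(frame):
    """Return the Ethernet and ARP fields of an IPv4-over-Ethernet ARP frame."""
    # Bytes 12..19: EtherType 0x0806, htype 1, ptype 0x0800, hlen 6, plen 4.
    if len(frame) < 42 or frame[12:20] != bytes.fromhex("0806000108000604"):
        raise ValueError("not an untagged IPv4-over-Ethernet ARP frame")
    eth_dst, eth_src = frame[:6], frame[6:12]
    op, sha, spa, tha, tpa = struct.unpack("!H6s4s6s4s", frame[20:42])
    return dict(eth_dst=eth_dst, eth_src=eth_src, op=op, sha=sha, spa=spa, tha=tha, tpa=tpa)

def invalid_ip(raw):  # all-zero, all-one and multicast addresses are invalid
    return raw in (bytes(4), b"\xff" * 4) or ipaddress.IPv4Address(raw).is_multicast

def failed_objects(frame, objects=("src-mac", "dst-mac", "ip")):
    """Return the checks a frame fails; an empty list means it is forwarded."""
    f, failed = parse(frame), []
    reply = f["op"] == 2
    # src-mac: the ARP sender MAC must equal the Ethernet source MAC.
    if "src-mac" in objects and f["sha"] != f["eth_src"]:
        failed.append("src-mac")
    # dst-mac (replies only): target MAC not all-zero/all-one and equal to Ethernet dst.
    if "dst-mac" in objects and reply and (
            f["tha"] in (ZERO_MAC, ONES_MAC) or f["tha"] != f["eth_dst"]):
        failed.append("dst-mac")
    # ip: sender and target IP for replies, sender IP only for requests.
    checked = [f["spa"], f["tpa"]] if reply else [f["spa"]]
    if "ip" in objects and any(invalid_ip(a) for a in checked):
        failed.append("ip")
    return failed

A, B, C, BCAST = "00:11:22:00:00:0a", "00:11:22:00:00:0b", "00:11:22:00:00:0c", "ff:ff:ff:ff:ff:ff"
SAMPLES = {  # constructed frames, not captured traffic
    "request": build(BCAST, A, 1, A, "10.0.0.1", "00:00:00:00:00:00", "10.0.0.2"),
    "reply": build(A, B, 2, B, "10.0.0.2", A, "10.0.0.1"),
    "sender-mismatch": build(A, C, 2, B, "10.0.0.2", A, "10.0.0.1"),
    "broadcast-reply": build(BCAST, B, 2, B, "10.0.0.2", BCAST, "10.0.0.1"),
    "multicast-target": build(A, B, 2, B, "10.0.0.2", A, "224.0.0.1"),
}
for name, frame in SAMPLES.items():
    print(f"{name:17}", failed_objects(frame) or "forward")
```

The ordinary broadcast request passes all three checks because dst-mac applies to replies only, while the broadcast reply fails dst-mac even though its target MAC matches the Ethernet destination.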
