Configuring ARP packet source MAC address
consistency check
Introduction
The ARP packet source MAC address consistency check feature enables a gateway device to filter out
ARP packets that have a different source MAC address in the Ethernet header from the sender MAC
address in the message, so that the gateway device can learn correct ARP entries.
Configuration procedure
To enable ARP packet source MAC address consistency check:
Step
1.
Enter system view.
2.
Enable ARP packet source MAC
address consistency check.
NOTE:
Disable ARP packet source MAC address consistency check if cluster severs are used for transparent
transmission or the switch needs to process the ARP packets from cluster servers.
Configuring ARP active acknowledgement
Introduction
Typically, the ARP active acknowledgement feature is configured on gateway devices to identify invalid
ARP packets.
ARP active acknowledgement works before the gateway creates or modifies an ARP entry to avoid
generating any incorrect ARP entry. For more information about its working mechanism, see ARP Attack
Protection Technology White Paper.
Configuration procedure
To configure ARP active acknowledgement:
Step
1.
Enter system view.
Enable
2.
acknowledgement function.
Command
system-view
arp anti-attack valid-check enable
Command
system-view
the
ARP
active
arp anti-attack active-ack enable
269
Remarks
N/A
Disabled by default.
Remarks
N/A
Disabled by default.