270
Enable ARP packet source MAC
address consistency check
arp anti-attack valid-check enable
Required
Disabled by default.
Configuring ARP active acknowledgement
Introduction
The ARP active acknowledgement feature is configured on gateway devices to identify invalid ARP
packets.
ARP active acknowledgement works before the gateway creates or modifies an ARP entry to avoid
generating any incorrect ARP entry. For more information about its working mechanism, see ARP Attack
Protection Technology White Paper.
Configuration procedure
Follow these steps to configure ARP active acknowledgement:
Enable the ARP active
acknowledgement function
arp anti-attack active-ack enable
Required
Disabled by default.
Configuring ARP detection
Introduction
The ARP detection feature is mainly configured on an access device to allow only the ARP packets of
authorized clients to be forwarded and prevent user spoofing and gateway spoofing.
ARP detection includes ARP detection based on static IP source guard binding entries/DHCP snooping
entries/802.1X security entries/OUI MAC addresses, ARP detection based on specified objects, and ARP
restricted forwarding.
NOTE:
If both the ARP detection based on specified objects and the ARP detection based on static IP source
guard binding entries/DHCP snooping entries/802.1X security entries/OUI MAC addresses are
enabled, the former one applies first, and then the latter applies.
To Next Page
Loading...
