Configuring ARP filtering
Introduction
To prevent gateway spoofing and user spoofing, the ARP filtering feature controls the forwarding of ARP
packets on a port.
The port checks the sender IP and MAC addresses in a received ARP packet against configured ARP
filtering entries. If a match is found, the packet is handled normally. If not, the packet is discarded.
Configuration procedure
Follow these steps to configure ARP filtering:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter Layer 2 Ethernet port view/Layer 2 aggregate interface view | interface interface-type interface-number | — |
| Configure an ARP filtering entry | arp filter binding ip-address mac-address | Required. Not configured by default. |
NOTE:
• You can configure up to eight ARP filtering entries on a port.
• The arp filter source and arp filter binding commands cannot both be configured on a port.
• If ARP filtering works with ARP detection or ARP snooping, ARP filtering applies first.
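The following Python model is an added illustration, not device code or vendor software. It shows the per-port check described in the introduction (sender IP and MAC compared as a pair against the configured bindings) together with the eight-entry limit. The class and function names are hypothetical, the Host A and Host B addresses come from the configuration example in this section, the gateway address 10.1.1.1 is an assumption, and discarding truncated or non-Ethernet/IPv4 ARP payloads is a choice of this model.

```python
import socket
import struct

MAX_ENTRIES = 8  # per-port limit stated in the NOTE above

def norm_mac(mac):
    """Normalize 000f-e349-1233 or 00:0f:e3:49:12:33 to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError("bad MAC: %r" % mac)
    return digits

class ArpFilterPort:
    """Model of one port holding 'arp filter binding' entries (hypothetical)."""
    def __init__(self):
        self.bindings = set()

    def add_binding(self, ip, mac):
        entry = (socket.inet_aton(ip), norm_mac(mac))
        if entry not in self.bindings and len(self.bindings) >= MAX_ENTRIES:
            raise ValueError("port already has %d entries" % MAX_ENTRIES)
        self.bindings.add(entry)

    def permits(self, arp_payload):
        """True only if the sender IP and MAC together match one binding."""
        if len(arp_payload) < 28:
            return False  # model choice: truncated payload is discarded
        htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", arp_payload[:8])
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
            return False  # model choice: only Ethernet/IPv4 ARP is considered
        # Sender MAC is bytes 8..13, sender IP is bytes 14..17 of the payload.
        return (arp_payload[14:18], arp_payload[8:14].hex()) in self.bindings

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Build a constructed 28-byte ARP payload for the demonstration."""
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + bytes.fromhex(norm_mac(sender_mac)) + socket.inet_aton(sender_ip)
            + bytes.fromhex(norm_mac(target_mac)) + socket.inet_aton(target_ip))

if __name__ == "__main__":
    port = ArpFilterPort()
    port.add_binding("10.1.1.2", "000f-e349-1233")  # Host A, from the example
    # Constructed packets: a genuine request from Host A, then a reply that
    # uses Host A's MAC but claims the (assumed) gateway address 10.1.1.1.
    genuine = build_arp(1, "000f-e349-1233", "10.1.1.2", "0000-0000-0000", "10.1.1.1")
    spoofed = build_arp(2, "000f-e349-1233", "10.1.1.1", "000f-e349-1234", "10.1.1.3")
    print("genuine permitted:", port.permits(genuine))
    print("spoofed permitted:", port.permits(spoofed))
```

Because the pair is matched as a unit, a packet that carries a bound MAC with an unbound sender IP (the gateway-spoofing case) is discarded just like one that carries a bound IP with the wrong MAC.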
ARP filtering configuration example
Network requirements
As shown in Figure 115, the IP and MAC addresses of Host A are 10.1.1.2 and 000f-e349-1233,
respectively. The IP and MAC addresses of Host B are 10.1.1.3 and 000f-e349-1234, respectively.
Configure ARP filtering on GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 of Switch B to permit
specific ARP packets only.