333
Ste
Command
Remarks
1. Enter system view.
system-view N/A
2. Enable the ARP active
acknowledgement function.
arp active-ack [ strict ]
enable
By default, ARP active acknowledgement
function is disabled.
Configuring authorized ARP
Authorized ARP entries are generated based on the DHCP clients' address leases on the DHCP server or
dynamic client entries on the DHCP relay agent. For more information about DHCP server and DHCP
relay agent, see Layer 3—IP Services Configuration Guide.
With authorized ARP enabled, an interface is disabled from learning dynamic ARP entries to prevent user
spoofing and allows only authorized clients to access network resources.
Configuration procedure
To enable authorized ARP:
Ste
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter Layer 3 Ethernet
interface/Layer 3 Ethernet
subinterface/Layer 3 aggregate
interface/Layer 3 aggregate
subinterface view/VLAN interface
view.
interface interface-type
interface-number
N/A
3. Enable authorized ARP on the
interface.
arp authorized enable
By default, authorized ARP is
disabled.
Configuration example (on a DHCP server)
Network requirements
As shown in Figure 112, configure authorized ARP on Ten-GigabitEthernet 1/0/1 of Switch A (a DHCP
server) to ensure user validity.
Figure 112 Network diagram
Configuration procedure
1. Configure Switch A:
# Specify the IP address for Ten-GigabitEthernet 1/0/1.
<SwitchA> system-view
To Next Page
Loading...
Need help?
General
