429
• If ARP filtering works with ARP attack detection, MFF, and ARP snooping, ARP filtering applies
first.
Configuration procedure
To configure ARP filtering:
1. Enter system view.
system-view
N/A
2. Enter Layer
interface or Layer 2 aggregate
interface view.
interface
interface-type
interface-number
N/A.
3.
configure a permitted entry.
arp filter binding
ip-address
mac-address
By default, ARP filtering is
disabled.
Configuration example
Network requirements
As shown in Figure 129, the IP and MAC addresses of Host A are 10.1.1.2 and 000f-e349-1233,
respectively. The IP and MAC addresses of Host B are 10.1.1.3 and 000f-e349-1234, respectively.
Configure ARP filtering on GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 of Switch B to permit
ARP packets from only Host A and Host B.
Figure 129 Network diagram
Configuration procedure
# Configure ARP filtering on Switch B.
<SwitchB> system-view
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] arp filter binding 10.1.1.2 000f-e349-1233
[SwitchB-GigabitEthernet1/0/1] quit
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] arp filter binding 10.1.1.3 000f-e349-1234
Switch A
Switch B
Host A Host B
GE1/0/1
GE1/0/3
GE1/0/2