Configuration Guide Configuring ARP
TTL invalid packet number: 0
ICMP packet input number: 0
Echo request : 0
Echo reply : 0
Unreachable : 0
Source quench : 0
Routing redirect : 0
2.4.5 Enabling ARP Trustworthiness Detection
Configuration Effect
Enable ARP trustworthiness detection. If the device receiving an ARP request packet fails to find the corresponding entry,
it performs NUD. If the MAC address in the existing dynamic ARP entry is updated, the device immediately performs NUD
to prevent ARP attacks.
Notes
Since this function adds a strict confirmation procedure in the ARP learning process, it affects the efficiency of ARP
learning.
Configuration Steps
Optional.
If there is a need for learning ARP entries, enable ARP trustworthiness detection on the device. If the device
receiving an ARP request packet fails to find the corresponding entry, it needs to send a unicast ARP request packet
to check whether the peer end exists. If yes, the device learns the ARP entry. If not, the device does not learn the
ARP entry. If the MAC address in the ARP entry changes, the device will immediately perform NUD to prevent ARP
spoofing.
Enable ARP trustworthiness detection in interface configuration mode.
Verification
Run the show running-config interface <name> command to check whether the configuration take effect
Related Commands
Enabling ARP Trustworthiness Detection
Interface configuration mode
Enable this function. If the corresponding ARP entry exists and the MAC address is not updated, the
device does not perform NUD.
To Next Page
Loading...
Need help?
General
