R3303-HP HSR6800 Routers Security Command Reference

permit: Permits the matching ARP packets.
ip { any | ip-address [ ip-address-mask ] }: Specifies the sender IP address range.
any: Matches any sender IP address.
ip-address: Matches a sender IP address.
ip-address-mask: Specifies the mask for the sender IP address in dotted decimal format. If no mask
is specified, the ip-address argument specifies a host IP address.
mac { any | mac-address [ mac-address-mask ] }: Specifies the sender MAC address range.
any: Matches any sender MAC address.
mac-address: Matches a sender MAC address, in the format of H-H-H.
mac-address-mask: Specifies the mask for the sender MAC address, in the format of H-H-H.
vlan vlan-id: Specifies the ID of a VLAN where this rule applies, in the range of 1 to 4094.
Usage guidelines
Upon receiving an ARP packet, user validity check first compares the sender IP and MAC addresses of
the ARP packet against user validity check rules. If a matching rule is found, the ARP packet is processed
according to the rule. If no matching rule is found, the device compares the ARP packet's sender IP and
MAC addresses against the static IP source guard binding entries, the DHCP snooping entries, 802.1X
security entries, and OUI MAC addresses in turn.
Examples
# Configure a user validity check rule, and enable user validity check.
<Sysname> system-view
[Sysname] arp detection 0 permit ip 10.1.1.1 255.255.0.0 mac 0001-0203-0607 ffff-ffff-0000
[Sysname] vlan 2
[Sysname-vlan2] arp detection enable
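The matching step described under Usage guidelines, modelled in Python against the rule configured above. This is an added illustration, not HP code or device output. It assumes rules are tried in ascending rule-ID order, a mask is applied as a bitwise AND, a MAC address without a mask must match exactly, short H groups are zero-padded, and a rule without a vlan applies in any VLAN; all function and variable names are hypothetical.

```python
import ipaddress
from collections import namedtuple

# ip/mac of None model the "any" keyword; vlan of None means no VLAN restriction.
Rule = namedtuple("Rule", "rule_id action ip ip_mask mac mac_mask vlan")

def mac_to_int(mac):
    """Parse an H-H-H MAC address (e.g. 0001-0203-0607) into a 48-bit integer."""
    groups = mac.split("-")
    if len(groups) != 3 or any(not 1 <= len(g) <= 4 for g in groups):
        raise ValueError("MAC must be in H-H-H format: %r" % mac)
    return int("".join(g.zfill(4) for g in groups), 16)

def ip_to_int(ip):
    """Parse a dotted decimal IPv4 address or mask into a 32-bit integer."""
    return int(ipaddress.IPv4Address(ip))

def make_rule(rule_id, action, ip=None, ip_mask=None, mac=None, mac_mask=None, vlan=None):
    conv = lambda parse, v: None if v is None else parse(v)
    return Rule(rule_id, action, conv(ip_to_int, ip), conv(ip_to_int, ip_mask),
                conv(mac_to_int, mac), conv(mac_to_int, mac_mask), vlan)

def field_matches(value, rule_value, rule_mask, full_mask):
    if rule_value is None:                       # "any" keyword
        return True
    mask = full_mask if rule_mask is None else rule_mask   # no mask: exact match
    return (value & mask) == (rule_value & mask)

def user_validity_check(rules, sender_ip, sender_mac, vlan):
    """Return the action of the first matching rule, or "no-match" when the
    device would go on to the binding, snooping, 802.1X and OUI tables."""
    ip, mac = ip_to_int(sender_ip), mac_to_int(sender_mac)
    for r in sorted(rules, key=lambda r: r.rule_id):   # assumed evaluation order
        if (r.vlan in (None, vlan)
                and field_matches(ip, r.ip, r.ip_mask, 0xFFFFFFFF)
                and field_matches(mac, r.mac, r.mac_mask, 0xFFFFFFFFFFFF)):
            return r.action
    return "no-match"

# The rule from the example above: arp detection 0 permit ip 10.1.1.1 255.255.0.0
# mac 0001-0203-0607 ffff-ffff-0000
RULES = [make_rule(0, "permit", ip="10.1.1.1", ip_mask="255.255.0.0",
                   mac="0001-0203-0607", mac_mask="ffff-ffff-0000")]

if __name__ == "__main__":
    # Constructed sender addresses, not captured traffic.
    for ip, mac in [("10.1.200.9", "0001-0203-abcd"), ("10.2.1.1", "0001-0203-0607")]:
        print(ip, mac, user_validity_check(RULES, ip, mac, vlan=2))
```

With mask 255.255.0.0 and ffff-ffff-0000, rule 0 covers every sender in 10.1.0.0/16 whose MAC address begins 0001-0203, so the width of both masks decides how many hosts bypass the later binding-table checks.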
Related commands
arp detection enable
arp detection enable
Use arp detection enable to enable ARP detection.
Use undo arp detection enable to restore the default.
Syntax
arp detection enable
undo arp detection enable
Default
ARP detection is disabled.
Views
VLAN view
Default command level
2: System level