R3303-HP HSR6800 Routers Security Command Reference

Parameters
dst-mac: Checks the target MAC address of ARP responses. If the target MAC address is all-zero, all-one,
or inconsistent with the destination MAC address in the Ethernet header, the packet is considered invalid
and discarded.
ip: Checks the source and destination IP addresses of ARP packets. All-zero, all-one, and multicast IP
addresses are considered invalid, and the corresponding packets are discarded. With this keyword
specified, the source and destination IP addresses of ARP replies and the source IP address of ARP
requests are checked.
src-mac: Checks whether the sender MAC address of an ARP packet is identical to the source MAC
address in the Ethernet header. If they are identical, the packet is considered valid. Otherwise, the packet
is discarded.
Examples
# Enable ARP packet validity check by checking the MAC addresses and IP addresses of ARP packets.
<Sysname> system-view
[Sysname] arp detection validate dst-mac src-mac ip
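The three checks described under Parameters, written out as a frame validator. This is an added Python example, not HP or Comware code: the function names, the returned labels and the sample frames are constructed for illustration, and it assumes untagged Ethernet II frames carrying IPv4 ARP.

```python
import ipaddress
import struct

ZERO_MAC, ONES_MAC = b"\x00" * 6, b"\xff" * 6
ARP_REQUEST, ARP_REPLY = 1, 2

def bad_ip(raw):
    """True for an all-zero, all-one, or multicast IPv4 address."""
    return raw in (b"\x00" * 4, b"\xff" * 4) or ipaddress.IPv4Address(raw).is_multicast

def validate_arp(frame, checks=("dst-mac", "src-mac", "ip")):
    """Return the names of the failed checks; an empty list means the packet is valid."""
    if len(frame) < 42:                  # 14-byte Ethernet header + 28-byte ARP body
        return ["truncated"]
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        return ["not-arp"]
    # Skip htype/ptype/hlen/plen (6 bytes), then opcode and the four address fields.
    oper, sha, spa, tha, tpa = struct.unpack("!6xH6s4s6s4s", frame[14:42])
    failed = []
    # dst-mac: ARP responses only; target MAC must be a real address equal to the Ethernet destination.
    if "dst-mac" in checks and oper == ARP_REPLY:
        if tha in (ZERO_MAC, ONES_MAC) or tha != eth_dst:
            failed.append("dst-mac")
    # src-mac: sender MAC in the ARP body must equal the Ethernet source.
    if "src-mac" in checks and sha != eth_src:
        failed.append("src-mac")
    # ip: source and destination IP for replies, source IP only for requests.
    if "ip" in checks:
        addrs = (spa, tpa) if oper == ARP_REPLY else (spa,)
        if any(bad_ip(a) for a in addrs):
            failed.append("ip")
    return failed

def build_frame(eth_dst, eth_src, oper, sha, spa, tha, tpa):
    """Constructed test input: Ethernet II header plus an IPv4-over-Ethernet ARP body."""
    return (struct.pack("!6s6sH", eth_dst, eth_src, 0x0806)
            + struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper, sha, spa, tha, tpa))

# Constructed addresses: locally administered MACs and documentation-range IPs.
MAC_A, MAC_B, MAC_X = (bytes.fromhex(h) for h in ("020000000001", "020000000002", "020000000099"))
IP_A, IP_B, IP_MCAST = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]), bytes([224, 0, 0, 1])
SAMPLES = {
    "clean reply": build_frame(MAC_A, MAC_B, ARP_REPLY, MAC_B, IP_B, MAC_A, IP_A),
    "sender MAC mismatch": build_frame(MAC_A, MAC_B, ARP_REPLY, MAC_X, IP_B, MAC_A, IP_A),
    "all-zero target MAC in reply": build_frame(MAC_A, MAC_B, ARP_REPLY, MAC_B, IP_B, ZERO_MAC, IP_A),
    "broadcast request": build_frame(ONES_MAC, MAC_A, ARP_REQUEST, MAC_A, IP_A, ZERO_MAC, IP_B),
    "multicast source IP in request": build_frame(ONES_MAC, MAC_A, ARP_REQUEST, MAC_A, IP_MCAST, ZERO_MAC, IP_B),
}
```

The broadcast request passes even though its target MAC is all-zero, because dst-mac applies only to ARP responses.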
arp restricted-forwarding enable
Use arp restricted-forwarding enable to enable ARP restricted forwarding.
Use undo arp restricted-forwarding enable to disable ARP restricted forwarding.
Syntax
arp restricted-forwarding enable
undo arp restricted-forwarding enable
Default
ARP restricted forwarding is disabled.
Views
VLAN view
Default command level
2: System level
Examples
# Enable ARP restricted forwarding in VLAN 2.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] arp restricted-forwarding enable
display arp detection
Use display arp detection to display the VLANs enabled with ARP detection.
Syntax
display arp detection [ | { begin | exclude | include } regular-expression ]