R3303-HP HSR6800 Routers Security Configuration Guide

- If the packets are ARP requests, they are forwarded through the trusted interface.
- If the packets are ARP replies, they are forwarded according to their destination MAC address. If no match is found in the MAC address table, they are forwarded through the trusted interface.
Before configuring this feature, configure user validity check.
To enable ARP restricted forwarding:
Step                                   Command                            Remarks
1. Enter system view.                  system-view                        N/A
2. Enter VLAN view.                    vlan vlan-id                       N/A
3. Enable ARP restricted forwarding.   arp restricted-forwarding enable   Disabled by default.
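
A small Python model of the forwarding rule described above, added here as an illustration; it is not code from this guide or from HP. The port names, MAC addresses and the unrestricted baseline (ordinary Layer 2 flooding) are assumptions, and every frame is taken to have arrived on an ARP untrusted port and passed user validity check.

```python
# Added illustration: egress decision for ARP frames in one VLAN,
# with and without ARP restricted forwarding.
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class ArpFrame:
    op: str        # "request" or "reply"
    dst_mac: str   # destination MAC address of the frame
    in_port: str   # ARP untrusted port the frame arrived on


class Vlan:
    def __init__(self, ports, trusted_port, mac_table):
        self.ports = set(ports)
        self.trusted_port = trusted_port    # ARP trusted interface
        self.mac_table = dict(mac_table)    # learned MAC -> port

    def egress(self, frame, restricted):
        """Return the set of ports the frame is sent out of."""
        if frame.op not in ("request", "reply"):
            raise ValueError("unknown ARP operation: %r" % frame.op)
        known = self.mac_table.get(frame.dst_mac)
        if restricted:
            # Rule from the guide: requests leave only through the trusted
            # interface; replies follow the MAC address table and fall back
            # to the trusted interface when no entry matches.
            if frame.op == "request":
                return {self.trusted_port}
            return {known} if known else {self.trusted_port}
        # Assumed baseline: plain Layer 2 forwarding, flooding on a miss.
        return {known} if known else self.ports - {frame.in_port}


# Constructed sample topology (hypothetical names and addresses).
VLAN10 = Vlan(
    ports=["GE1/0/1", "GE1/0/2", "GE1/0/3"],
    trusted_port="GE1/0/1",
    mac_table={"00:00:5e:00:53:0b": "GE1/0/3"},   # Host B
)
REQUEST = ArpFrame("request", BROADCAST, "GE1/0/2")
REPLY_KNOWN = ArpFrame("reply", "00:00:5e:00:53:0b", "GE1/0/2")
REPLY_UNKNOWN = ArpFrame("reply", "00:00:5e:00:53:ff", "GE1/0/2")

if __name__ == "__main__":
    for frame in (REQUEST, REPLY_KNOWN, REPLY_UNKNOWN):
        print(frame.op, frame.dst_mac, "off:", sorted(VLAN10.egress(frame, False)),
              "on:", sorted(VLAN10.egress(frame, True)))
```

With the feature off, the request and the unknown-destination reply reach the other untrusted port; with it on, both leave only through the trusted interface.
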
Displaying and maintaining ARP detection
Task                                           Command                                                                                                                                Remarks
Display the VLANs enabled with ARP detection.  display arp detection [ | { begin | exclude | include } regular-expression ]                                                           Available in any view.
Display the ARP detection statistics.          display arp detection statistics [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ]  Available in any view.
Clear the ARP detection statistics.            reset arp detection statistics [ interface interface-type interface-number ]                                                           Available in user view.
User validity check configuration example
Network requirements
As shown in Figure 140:
- Configure the DHCP server on Router A.
- Configure 802.1X on Router B.
- Enable ARP detection in VLAN 10 to check user validity based on 802.1X entries.
- Configure Host A and Host B as 802.1X users.