F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Attack Protection Command Reference-6PW100
46
ARP detection configuration commands
The following matrix shows the feature and hardware compatibility:
Hardware ARP
detection
com
p
atible
F1000-A-EI/F1000-S-EI Yes
F1000-E No
F5000 No
Firewall module No
U200-A Yes
U200-S Yes
arp detection
Use arp detection to configure an user validity check rule.
Use undo arp detection to restore the default.
Syntax
arp detection id-number { deny | permit } ip { any | ip-address [ ip-address-mask ] } mac { any |
mac-address [ mac-address-mask ] } [ vlan vlan-id ]
undo arp detection id-number
Default
No user validity check rule is specified.
Views
System view
Default command level
2: System level
Parameters
id-number: Specifies the sequence number of the user validity check rule, in the range of 0 to 511. Th e
smaller the value, the higher the priority.
deny: Denies the matching ARP packets.
permit: Permits the matching ARP packets.
ip { any | ip-address [ ip-address-mask ] }: Specifies the sender IP address range.
• any: Matches any sender IP address.
• ip-address: Matches a sender IP address.
• ip-address-mask: Specifies the mask for the sender IP address in dotted decimal format. If no mask
is specified, the ip-address argument specifies a host IP address.
mac { any | mac-address [ mac-address-mask ] }: Specifies the sender MAC address range.
• any: Matches any sender MAC address.
• mac-address: Matches a sender MAC address, in the format of H-H-H.