F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Attack Protection Command Reference-6PW100
47
• mac-address-mask: Specifies the mask for the sender MAC address, in the format of H-H-H.
• vlan vlan-id: Specifies the ID of a VLAN where this rule applies, in the range of 1 to 4094.
Usage guidelines
Upon receiving an ARP packet, user validity check first compares the sender IP and MAC addresses of
the ARP packet against user validity check rules. If a matching rule is found, the ARP packet is processed
according to the rule. If no matching rule is found, the packet is invalid and discarded.
Examples
# Configure a user validity check rule, and enable user validity check.
<Sysname> system-view
[Sysname] arp detection 0 permit ip 10.1.1.1 255.255.0.0 mac 0001-0203-0607 ffff-ffff-0000
[Sysname] vlan 2
[Sysname-vlan2] arp detection enable
Related commands
arp detection enable
arp detection enable
Use arp detection enable to enable ARP detection.
Use undo arp detection enable to restore the default.
Syntax
arp detection enable
undo arp detection enable
Default
ARP detection is disabled.
Views
VLAN view
Default command level
2: System level
Examples
# Enable ARP detection for VLAN 2.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-Vlan2] arp detection enable
arp detection trust
Use arp detection trust to configure the port as an ARP trusted port.
Use undo arp detection trust to restore the default.
Syntax
arp detection trust
undo arp detection trust