R211x-HP Flexfabric 11900 Security Configuration Guide

An interface enabled with this feature checks the sender IP and MAC addresses in a received ARP packet
against permitted entries. If a match is found, the packet is handled correctly. If not, the packet is
discarded.
Configuration guidelines
When you configure ARP filtering, follow these guidelines:
You can configure a maximum of eight permitted entries on an interface.
Do not configure both the arp filter source and arp filter binding commands on an interface.
If ARP filtering operates with ARP detection or ARP snooping, ARP filtering applies first.
Configuration procedure
To configure ARP filtering:
Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Enter Layer 2 Ethernet interface view. | interface interface-type interface-number | N/A
3. Enable ARP filtering and configure a permitted entry. | arp filter binding ip-address mac-address | By default, ARP filtering is disabled.
Configuration example
Network requirements
As shown in Figure 74, the IP and MAC addresses of Host A are 10.1.1.2 and 000f-e349-1233
respectively. The IP and MAC addresses of Host B are 10.1.1.3 and 000f-e349-1234.
Configure ARP filtering on Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 of Switch B to
permit ARP packets from the two hosts only.
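
The filtering decision described in this section, modelled in Python as an added example (it is not HP's code and not part of the guide). It uses the host addresses from the network requirements above; the port-to-host mapping (Host A on 1/0/1, Host B on 1/0/2), the class and function names, and the choice to discard malformed ARP payloads are assumptions.

```python
import socket
import struct

MAX_ENTRIES = 8  # per-interface limit from the configuration guidelines

def norm_mac(text):
    """Normalize H-H-H (000f-e349-1233) or colon notation to 6 raw bytes."""
    digits = text.replace("-", "").replace(":", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {text!r}")
    return bytes.fromhex(digits)

class ArpFilter:
    """Model of per-interface 'arp filter binding' permitted entries."""
    def __init__(self):
        self.bindings = {}  # interface name -> set of (ip bytes, mac bytes)

    def bind(self, interface, ip, mac):
        entries = self.bindings.setdefault(interface, set())
        entry = (socket.inet_aton(ip), norm_mac(mac))
        if entry not in entries and len(entries) >= MAX_ENTRIES:
            raise ValueError(f"{interface}: at most {MAX_ENTRIES} permitted entries")
        entries.add(entry)

    def check(self, interface, arp_payload):
        """Return 'permit' or 'discard' for a raw ARP payload (no Ethernet header)."""
        entries = self.bindings.get(interface)
        if entries is None:
            return "permit"  # ARP filtering is disabled by default
        if len(arp_payload) < 28:
            return "discard"  # assumption: truncated packets never match
        htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", arp_payload[:8])
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
            return "discard"  # assumption: only Ethernet/IPv4 ARP can match
        sender_mac, sender_ip = arp_payload[8:14], arp_payload[14:18]
        return "permit" if (sender_ip, sender_mac) in entries else "discard"

def make_arp(sender_ip, sender_mac, target_ip, op=1):
    """Build a constructed ARP payload (request by default) as sample input."""
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + norm_mac(sender_mac)
            + socket.inet_aton(sender_ip) + bytes(6) + socket.inet_aton(target_ip))

flt = ArpFilter()
# Assumption: Host A attaches to 1/0/1 and Host B to 1/0/2 (Figure 74 is not shown).
flt.bind("Ten-GigabitEthernet1/0/1", "10.1.1.2", "000f-e349-1233")
flt.bind("Ten-GigabitEthernet1/0/2", "10.1.1.3", "000f-e349-1234")
```

Both the sender IP and the sender MAC must match a single permitted entry on the receiving interface, so an ARP packet carrying Host A's IP address with any other MAC address is discarded.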