R21xx-HP FlexFabric 11900 Security Command Reference
175
The start IP address and end IP address must be on the same network as the primary IP address or
manually configured secondary IP addresses of the interface.
IP addresses already exist in ARP entries are not scanned.
ARP automatic scanning might take some time. To stop an ongoing scan, press Ctrl + C. Dynamic ARP
entries are created based on ARP replies received before the scan is terminated.
Examples
# Configure the device to scan the neighbors on the network where the primary IP address of
VLAN-interface 2 resides.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] arp scan
# Configure the device to scan neighbors on the specified address range.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] arp scan 1.1.1.1 to 1.1.1.20
ARP gateway protection commands
arp filter source
Use arp filter source to enable ARP gateway protection for a specified gateway.
Use undo arp filter source to disable ARP gateway protection for a specified gateway.
Syntax
arp filter source ip-address
undo arp filter source ip-address
Default
ARP gateway protection is disabled.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IP address of a protected gateway.
Usage guidelines
You can enable ARP gateway protection for up to eight gateways on an interface.
You cannot configure both arp filter source and arp filter binding commands on the same interface.
Examples
# Enable ARP gateway protection for the gateway with IP address 1.1.1.1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1