Manualshelf

R3102-R3103-HP 6600/HSR6600 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR6602-G TAA-compliant Router
531532533534535536537538539540
526
The arp filter source and arp filter binding command cannot be both configured on an interface.
If ARP filtering works with ARP detection and ARP snooping, ARP filtering applies first.
To configure ARP filtering:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter Layer 2 Ethernet interface
view.
interface interface-type interface-number
N/A
3. Enable ARP filtering and
configure a permitted entry.
arp filter binding ip-address
mac-address
This feature is disabled by
default.
ARP filtering configuration example
Network requirements
As shown in Figure 255, the IP and MAC addresses of Host A are 10.1.1.2 and 000f-e349-1233,
respectively. The IP and MAC addresses of Host B are 10.1.1.3 and 000f-e349-1234, respectively.
Configure ARP filtering on GigabitEthernet 3/0/1 and GigabitEthernet 3/0/2 of Router B to permit ARP
packets from only the two hosts.
Figure 255 Network diagram
Configuration procedure
# Configure ARP filtering on Router B.
<RouterB> system-view
[RouterB] interface gigabitethernet 3/0/1
[RouterB-GigabitEthernet3/0/1] arp filter binding 10.1.1.2 000f-e349-1233
[RouterB-GigabitEthernet3/0/1] quit
[RouterB] interface gigabitethernet 3/0/2
[RouterB-GigabitEthernet3/0/2] arp filter binding 10.1.1.3 000f-e349-1234
After the configuration is complete, GigabitEthernet 3/0/1 permits ARP packets from Host A, and
discard other ARP packets. GigabitEthernet 3/0/2 permits ARP packets from Host B and discard other
ARP packets.