HP MSR2000/3000/4000 Router Series Security Configuration Guide
279
With authorized ARP enabled, an interface is disabled from learning dynamic ARP entries to prevent user
spoofing and allows only authorized clients to access network resources.
Configuration procedure
To enable authorized ARP:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter Layer 3 Ethernet interface or
Layer 3 Ethernet subinterface view.
interface interface-type
interface-number
N/A
3. Enable authorized ARP on the
interface.
arp authorized enable
By default, authorized ARP is
disabled.
Configuration example (on a DHCP server)
Network requirements
Configure authorized ARP on Ethernet 1/1 of Router A (a DHCP server) to ensure user validity.
Figure 79 Network diagram
Configuration procedure
1. Configure Router A:
# Specify the IP address for Ethernet 1/1.
<RouterA> system-view
[RouterA] interface ethernet 1/1
[RouterA-Ethernet1/1] ip address 10.1.1.1 24
[RouterA-Ethernet1/1] quit
# Configure DHCP.
[RouterA] dhcp enable
[RouterA] dhcp server ip-pool 1
[RouterA-dhcp-pool-1] network 10.1.1.0 mask 255.255.255.0
[RouterA-dhcp-pool-1] quit
# Enter Layer 3 Ethernet interface view.
[RouterA] interface ethernet 1/1
# Enable authorized ARP.
[RouterA-Ethernet1/1] arp authorized enable
[RouterA-Ethernet1/1] quit
2. Configure Router B:
<RouterB> system-view
[RouterB] interface ethernet 1/1