4000 Router Series Security Command Reference

408

The start IP address and end IP address must be on the same network as the primary IP address or

manually configured secondary IP addresses of the interface.

IP addresses already exist in ARP entries are not scanned.

ARP automatic scanning might take some time. To stop an ongoing scan, press Ctrl + C. Dynamic ARP

entries are created based on ARP replies received before the scan is terminated.

Examples

# Configure the device to scan neighbors on the network where the primary IP address of Ethernet 1/1

resides.

<Sysname> system-view

[Sysname] interface ethernet 1/1

[Sysname-Ethernet1/1] arp scan

# Configure the device to scan neighbors in a specific address range.

<Sysname> system-view

[Sysname] interface ethernet 1/1

[Sysname-Ethernet1/1] arp scan 1.1.1.1 to 1.1.1.20

ARP gateway protection commands

NOTE:

ateway protection is not supported in the current release, and it is reserved for future use.

arp filter source

Use arp filter source to enable ARP gateway protection for a specific gateway.

Use undo arp filter source to disable ARP gateway protection for a specific gateway.

Syntax

arp filter source ip-address

undo arp filter source ip-address

Default

ARP gateway protection is disabled.

Views

Layer 2 Ethernet interface view

Predefined user roles

network-admin

Parameters

ip-address: Specifies the IP address of a protected gateway.

Usage guidelines

You can enable ARP gateway protection for up to eight gateways on an interface.

You cannot configure both arp filter source and arp filter binding commands on the same interface.