R0106-HP MSR Router Series Security Configuration Guide(V7)
409
Type: S-Static D-Dynamic O-Openflow M-Multiport I-Invalid
IP Address MAC Address VLAN Interface Aging Type
10.1.1.2 0012-3f86-e94c N/A GE2/1/1 20 D
The output shows that IP address 10.1.1.2 has been assigned to Device B.
Device B must use the IP address and MAC address in the authorized ARP entry to communicate with
Device A. Otherwise, the communication fails. Thus user validity is ensured.
Configuration example (on a DHCP relay agent)
Network requirements
As shown in Figure 123, configure authorized ARP on GigabitEthernet 2/1/2 of Device B (a DHCP relay
agent) to ensure user validity.
Figure 123 Network diagram
Configuration procedure
1. Configure Device A:
# Specify the IP address for GigabitEthernet 2/1/1.
<DeviceA> system-view
[DeviceA] interface gigabitethernet 2/1/1
[DeviceA-GigabitEthernet2/1/1] ip address 10.1.1.1 24
[DeviceA-GigabitEthernet2/1/1] quit
# Configure DHCP.
[DeviceA] dhcp enable
[DeviceA] dhcp server ip-pool 1
[DeviceA-dhcp-pool-1] network 10.10.1.0 mask 255.255.255.0
[DeviceA-dhcp-pool-1] gateway-list 10.10.1.1
[DeviceA-dhcp-pool-1] quit
[DeviceA] ip route-static 10.10.1.0 24 10.1.1.2
2. Configure Device B:
# Enable DHCP.
<DeviceB> system-view
[DeviceB] dhcp enable
# Specify the IP addresses of GigabitEthernet 2/1/1 and GigabitEthernet 2/1/2.
[DeviceB] interface gigabitethernet 1/0/1
[DeviceB-GigabitEthernet2/1/1] ip address 10.1.1.2 24
DHCP clientDHCP server
Device A Device C
G
E2/
1/1
10.1.1
.1/2
4
GE2/1/2
DHCP relay agent
Device B
G
E
2
/1
/1
10.1.1.2
/
24
G
E
2
/1
/2
10.10.1.1/24