HP VPN Firewall Appliances Attack Protection Command Reference
46
Default command level
2: System level
Usage guidelines
This feature is configured on gateway devices to identify invalid ARP packets.
Examples
# Enable the ARP active acknowledgement function.
<Sysname> system-view
[Sysname] arp anti-attack active-ack enable
ARP detection configuration commands
The following matrix shows the feature and hardware compatibility:
Hardware Com
p
atibilit
y
F1000-A-EI/F1000-S-EI Yes
F1000-E No
F5000 No
F5000-S/F5000-C No
VPN firewall modules No
20-Gbps VPN firewall modules No
arp detection
Use arp detection to configure a user validity check rule.
Use undo arp detection to restore the default.
Syntax
arp detection id-number { deny | permit } ip { any | ip-address [ ip-address-mask ] } mac { any |
mac-address [ mac-address-mask ] } [ vlan vlan-id ]
undo arp detection id-number
Default
No user validity check rule is specified.
Views
System view
Default command level
2: System level
Parameters
id-number: Specifies the sequence number of the user validity check rule, in the range of 0 to 511. T h e
smaller the value, the higher the priority.
deny: Denies the matching ARP packets.