HP VPN Firewall Appliances Attack Protection Configuration Guide
59
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter VLAN view.
vlan vlan-id N/A
3. Enable ARP restricted forwarding.
arp restricted-forwarding enable
By default, ARP restricted
forwarding is disabled.
Displaying and maintaining ARP detection
Task Command
Remarks
Display the VLANs enabled
with ARP detection.
display arp detection [ | { begin | exclude |
include } regular-expression ]
Available in any view.
Display the ARP detection
statistics.
display arp detection statistics [ interface
interface-type interface-number ] [ | { begin |
exclude | include } regular-expression ]
Available in any view.
Clear the ARP detection
statistics.
reset arp detection statistics [ interface
interface-type interface-number ]
Available in user view.
Configuring ARP automatic scanning and fixed ARP
ARP automatic scanning is usually used together with the fixed ARP feature.
With ARP automatic scanning enabled on an interface, the device automatically scans neighbors on the
interface, sends ARP requests to the neighbors, obtains their MAC addresses, and creates dynamic ARP
entries.
Fixed ARP allows the device to change the existing dynamic ARP entries (including those generated
through ARP automatic scanning) into static ARP entries. The fixed ARP feature effectively prevents ARP
entries from being modified by attackers.
Use both ARP automatic scanning and fixed ARP in small-scale networks such as a cybercafe.
Configuring the ARP automatic scanning and fixed
ARP in the Web interface
ARP automatic scanning is usually used together with the fixed ARP feature.
Configuration guidelines
When you configure ARP automatic scanning and fixed ARP, follow these guidelines:
• With ARP automatic scanning enabled on an interface, the device automatically scans neighbors
on the interface, sends ARP requests to the neighbors, obtains their MAC addresses, and creates
dynamic ARP entries.
• Fixed ARP allows the device to change the existing dynamic ARP entries (including those generated
through ARP automatic scanning) into static ARP entries. The fixed ARP feature effectively prevents
ARP entries from being modified by attackers.