1-12
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter interface view
interface
interface-type interface-number
—
Enable ARP automatic
scanning
arp scan
[
start-ip-address
to
end-ip-address
]
Required
Return to system view
quit
—
Enable fixed ARP
arp fixup
Optional
z
IP addresses already existent in ARP entries are not scanned.
z
ARP automatic scanning may take some time. To stop an ongoing scan, press
Ctrl
+
C
. Dynamic
ARP entries are created based on ARP replies received before the scan is terminated.
z
Fixed ARP changes dynamic ARP entries into static only when these entries are learnt on a Layer
3 Ethernet interface, Layer 3 Ethernet subinterface, or VLAN interface.
z
The static ARP entries changed from dynamic ARP entries have the same attributes as the static
ARP entries manually configured. Use the
arp fixup
command to change the recently created
dynamic ARP entries into static.
z
The number of static ARP entries changed from dynamic ARP entries is restricted by the number
of static ARP entries that the device supports. As a result, the device may fail to change all
dynamic ARP entries into static.
z
To delete a specific static ARP entry changed from a dynamic one, use the
undo arp
ip-address
[
vpn-instance-name
] command. To delete all such static ARP entries, use the
reset arp all
or
reset arp static
command.
Configuring ARP Gateway Protection
Introduction
The ARP gateway protection feature, if configured on ports not connected with the gateway, can block
gateway spoofing attacks as follows:
When such a port receives an ARP packet, it checks whether the sender IP address in the packet is
consistent with that of any protected gateway. If yes, it discards the packet. If not, it handles the packets
normally.
Configuration Procedure
Follow these steps to configure ARP gateway protection:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter Layer 2 Ethernet interface
view
interface interface-type
interface-number
—
Summary of Contents for S5500-SI Series
Page 161: ...3 10 GigabitEthernet1 0 1 2 MANUAL...
Page 220: ...1 7 Clearing ARP entries from the ARP table may cause communication failures...
Page 331: ...1 7 1 1 ms 1 ms 1 ms 1 1 6 1 2 1 ms 1 ms 1 ms 1 1 4 1 3 1 ms 1 ms 1 ms 1 1 2 2 Trace complete...
Page 493: ...2 8...
Page 1111: ...1 10 Installing patches Installation completed and patches will continue to run after reboot...