70
Enhancements
Release L.10.28 Enhancements
An example of the
ip source binding
command is shown here:
ProCurve(config)# ip source binding 0030c1-7f49c0
interface vlan 100 10.10.20.1 interface A4
N o t e
Note that the
ip source binding
command is the same command used by the Dynamic IP Lockdown
feature to configure static bindings. The Dynamic ARP Protection and Dynamic IP Lockdown features
share a common list of source IP-to-MAC bindings.
Configuring Additional Validation Checks on ARP Packets
Dynamic ARP protection can be configured to perform additional validation checks on ARP packets.
By default, no additional checks are performed. To configure additional validation checks, enter the
arp protect validate
command at the global configuration level.
You can configure one or more of the validation checks. The following example of the
arp protect
validate
command shows how to configure the validation checks for source MAC address and
destination AMC address:
ProCurve(config)# arp protect validate src-mac dst-mac
Syntax:
[no] arp protect validate <[src-mac] | [dst-mac] | [ip]>
src-mac
(Optional) Drops any ARP request or response
packet in which the source MAC address in the
Ethernet header does not match the sender MAC
address in the body of the ARP packet.
dst-mac
(Optional) Drops any unicast ARP response packet
in which the destination MAC address in the
Ethernet header does not mach the target MAC
address in the body of the ARP packet.
ip
(Optional) Drops any ARP packet in which the
sender IP address is invalid. Drops any ARP
response packet in which the target IP address is
invalid. Invalid IP addresses include: 0.0.0.0,
255.255.255.255, all IP multicast addresses, and
all Class E IP addresses.