Configuring The Checking Of Sender Ip Addresses For Arp Packets - HP FlexNetwork 10500 Series Security Configuration Manual

Verifying the configuration
# Verify that GigabitEthernet 1/0/1 permits ARP packets from Host A and discards other ARP
packets.
# Verify that GigabitEthernet 1/0/2 permits ARP packets from Host B and discards other ARP
packets.
Configuring the checking of sender IP addresses
for ARP packets
This feature allows a gateway to check the sender IP address of an ARP packet before ARP learning.
If the sender IP address is within the allowed IP address range, the gateway continues ARP learning.
If the sender IP address is out of the range, the gateway determines the ARP packet as an attack
packet and discards it.
When you specify the sender IP address range for this feature, follow these restrictions and
guidelines:
•
When a super VLAN is associated with sub-VLANs, you can configure this feature in the
sub-VLANs to check the ARP packets in the sub-VLANs. For information about super VLANs
and sub-VLANs, see Layer 2—LAN Switching Configuration Guide.
•
If Layer 3 communication is configured between the specified secondary VLANs associated
with a primary VLAN, configure the sender IP address range in the primary VLAN. If Layer 3
communication is not configured between the secondary VLANs associated with a primary
VLAN, configure the sender IP address range in the target VLAN. For information about primary
VLANs and secondary VLANs, see Layer 2—LAN Switching Configuration Guide.
To configure the checking of sender IP addresses for ARP packets:
Step
1. Enter system view.
2. Enter VLAN view.
3. Specify the sender IP
address range for ARP
packet checking.
Command
system-view
vlan vlan-id
arp sender-ip-range
start-ip-address end-ip-address
447
Remarks
N/A
N/A
By default, no sender IP address
range is specified for ARP packet
checking.