No relevant resource is found in the selected language.
Enterprise
Worldwide
Huawei Global - English
Support Documentation
WLAN AC V200R010C00 Command Reference
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
arp anti-attack check user-bind enable

arp anti-attack check user-bind enable

Function

The arp anti-attack check user-bind enable command enables DAI on an interface or in a VLAN. DAI enables the device to check ARP packets based on binding entries.

The undo arp anti-attack check user-bind enable command disables DAI on an interface or in a VLAN.

By default, DAI is disabled on an interface or in a VLAN.

Format

arp anti-attack check user-bind enable

undo arp anti-attack check user-bind enable

Parameters

None

Views

GE interface view, XGE interface view, port group view, Eth-Trunk interface view, VLAN view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To prevent MITM attacks and theft on authorized user information, run the arp anti-attack check user-bind enable command to enable DAI. When a device receives an ARP packet, it compares the source IP address, source MAC address, VLAN ID, and interface number of the ARP packet with binding entries. If the ARP packet matches a binding entry, the device considers the ARP packet valid and allows the packet to pass through. If the ARP packet matches no binding entry, the device considers the ARP packet invalid and discards the packet.

You can enable DAI in the interface view or the VLAN view. When DAI is enabled in the interface view, the device checks all ARP packets received on the interface based on binding entries. When DAI is enabled in the VLAN view, the device checks ARP packets received on interfaces belong to the VLAN based on binding entries.

Precautions

The arp anti-attack check user-bind enable command and the aggregate-vlan command cannot be used simultaneously.

Follow-up Procedure

Run the arp anti-attack check user-bind check-item (interface view) or arp anti-attack check user-bind check-item (VLAN view) command to configure check items for ARP packet check based on binding entries.

Example

# Enable DAI on GE0/0/1.
<AC6605> system-view
[AC6605] interface gigabitethernet 0/0/1
[AC6605-GigabitEthernet0/0/1] arp anti-attack check user-bind enable
# Enable DAI in VLAN 100.
<AC6605> system-view
[AC6605] vlan 100
[AC6605-vlan100] arp anti-attack check user-bind enable
Translation
简体中文
Download
Updated: 2021-02-27

Document ID: EDOC1100064351

Views: 3175027

Downloads: 595

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next
Huawei e+ App Huawei e+

Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :