No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
arp anti-attack entry-check enable

arp anti-attack entry-check enable

Function

The arp anti-attack entry-check enable command enables ARP entry fixing.

The undo arp anti-attack entry-check enable command disables ARP entry fixing.

By default, ARP entry fixing is disabled.

Format

arp anti-attack entry-check { fixed-mac | fixed-all | send-ack } enable

undo arp anti-attack entry-check enable

Parameters

Parameter Description Value
fixed-mac

Indicates ARP entry fixing in fixed-mac mode.

When receiving an ARP packet, the device discards the packet if the MAC address does not match the MAC address in the corresponding ARP entry. If the MAC address in the ARP packet matches that in the corresponding ARP entry while the interface number or VLAN ID does not match that in the ARP entry, the device updates the interface number or VLAN ID in the ARP entry.

-
fixed-all

Indicates ARP entry fixing in fixed-all mode.

When the MAC address, interface number, and VLAN ID of an ARP packet match those in the corresponding ARP entry, the device updates other information about the ARP entry.

-
send-ack

Indicates ARP entry fixing in send-ack mode.

When the device receives an ARP packet with a changed MAC address, interface number, or VLAN ID, it does not immediately update the corresponding ARP entry. Instead, the device sends a unicast ARP Request packet to the user with the IP address mapped to the original MAC address in the ARP entry, and then determines whether to change the MAC address, VLAN ID, or interface number in the ARP entry depending on the response from the user.

-

Views

System view

Default Level

2: Configuration level

Usage Guidelines

To defend against ARP address spoofing attacks, enable ARP entry fixing. The fixed-mac, fixed-all, and send-ack modes are applicable to different scenarios and are mutually exclusive:
  • The fixed-mac mode applies to networks that use static IP addresses and have redundant links. When services are switched on the link, the ARP interface can change rapidly.
  • The fixed-all mode applies to networks that use static IP addresses and have no redundant link, and the scenario where users with the same IP address access the device using the same interface.
  • The send-ack mode applies to networks that use dynamic IP addresses and have redundant links.

Example

# Enable ARP entry fixing and specify the fixed-mac mode.
<Huawei> system-view
[Huawei] arp anti-attack entry-check fixed-mac enable
Translation
Download
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 196716

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next