In the network attached to the NE40, a PC attacks the network. Therefore, it is required to configure ARP binding of the PC. In the system view, however, when ARP binding is configured, there are two MAC addresses corresponding to the IP address in the ARP entry. One is static and the other is dynamically learnt. That is, ARP binding fails.
The configuration is as follows:
arp static 192.168.101.2 0018-8b89-d949 vpn-instance YNBTN_CAIWUThe corresponding entry is as follows:
IP Address MAC Address VlanID Type VPN-Instance Interface
192.168.101.2 0018-8b89-d949 S YNBTN_CAIWU
192.168.101.2 0050-8bb3-c8b3 98 D YNBTN_CAIWU Eth8/0/1
The above information shows that the interface eth 8/0/1 learns the incorrect MAC address corresponding to 192.168.101.2. As a result, the PC still attacks the network by using forged MAC addresses.
Associate ARP binding with the interface and then there is only the static MAC address in the ARP entry. The configuration is as follows:
arp static 192.168.101.2 0018-8b89-d949 vid 98 interface ethernet 8/0/1
When an IP address is bound to a MAC address, the binding must be associated with an interface. The related command is: static ip-address mac-address vid vlan-id interface interface-type interface-numberThe command is applicable for VRP5.3.