arp detection validate

Use arp detection validate to enable ARP packet validity check.

Use undo arp detection validate to disable ARP packet validity check.


arp detection validate { dst-mac | ip | src-mac } *

undo arp detection validate [ dst-mac | ip | src-mac ] *


ARP packet validity check is disabled.


System view

Predefined user roles




dst-mac: Checks the target MAC address of ARP responses. If the target MAC address is all-zero, all-one, or inconsistent with the destination MAC address in the Ethernet header, the packet is considered invalid and discarded.

ip: Checks the sender and target IP addresses of ARP replies, and the sender IP address of ARP requests. All-one or multicast IP addresses are considered invalid and the corresponding packets are discarded.

src-mac: Checks whether the sender MAC address in the message body is identical to the source MAC address in the Ethernet header. If they are identical, the packet is forwarded. Otherwise, the packet is discarded.

Usage guidelines

You can specify more than one object to be checked in one command line.

If no keyword is specified, the undo arp detection validate command disables ARP packet validity check for all objects.


# Enable ARP packet validity check by checking the MAC addresses and IP addresses of ARP packets.

<Sysname> system-view
[Sysname] arp detection validate dst-mac ip src-mac