ARP Detection Configuration

arp detection configuration arp detection configuration show anti attack check config show anti attack check config \[command] show anti attack ckeck config \[purpose] view arp detection configuration \[view] system view \[use cases] sonic# show anti attack check config + + + \| interfaces | check mode | +==============+==============+ \| vlan43 | true | + + + arp anti attack check enable arp anti attack check enable \[command] arp anti attack check enable no arp anti attack check enable \[purpose] enable the arp detection function of the interface \[view] vlan view \[notes] after enabling arp snooping detection function, the device will compare the source ip, source mac, snooping table entry and user bind table entry of the received arp packet, if it can hit, the user of the arp packet is a legitimate user and the arp packet of this user is allowed to pass, otherwise it is considered an illegal user and the arp packet is dropped \[use cases] sonic(config)# vlan 100 sonic(config vlan 100)# arp anti attack check enable arp anti attack check trusted interface arp anti attack check trusted interface \[command] arp anti attack check trusted interface vlan vlan id no arp anti attack check trusted interface vlan vlan id \[purpose] configuring arp detection trusted ports \[view] vlan view \[notes] after configured as an arp detection trusted port, arp packets received from this port will not be checked and all are allowed to pass \[use cases] sonic(config)# interface ethernet 1 sonic(config if 1)# arp anti attack check trusted interface vlan 10 arp anti attack check alarm enable arp anti attack check alarm enable \[command] arp anti attack check alarm enable arp anti attack check alarm threshold alarm threshold \[purpose] enable the packet inspection alarm function \[view] interface view \[notes] when this feature is enabled, when the packets discarded on the device due to the packet inspection function exceed the alarm threshold, a log is recorded \[use cases] sonic(config)# interface ethernet 1 sonic(config if 1)# arp anti attack check alarm enable