ARP Detection Configuration
show anti-attack-check config
Section titled “show anti-attack-check config”[Command show anti-attack-ckeck config
[Purpose] View ARP detection configuration
[View] System view
[Use Cases]
sonic# show anti-attack-check config+--------------+--------------+| Interfaces | Check mode |+==============+==============+| Vlan43 | true |+--------------+--------------+arp anti-attack-check enable
Section titled “arp anti-attack-check enable”[Command] arp anti-attack-check enable no arp anti-attack-check enable
[Purpose] Enable the ARP detection function
[View] VLAN view,Interface view
[Usage Scenario] After enabling ARP Snooping detection function, the device will compare the source IP, source MAC, snooping table entry and User-bind table entry of the received ARP packet, if it can hit, the user of the ARP packet is a legitimate user and the ARP packet of this user is allowed to pass, otherwise it is considered an illegal user and the ARP packet is dropped.
[Use Cases]
sonic(config)# vlan 100sonic(config-vlan-100)# arp anti-attack-check enablearp anti-attack-check trusted-interface
Section titled “arp anti-attack-check trusted-interface”[Command] arp anti-attack-check trusted-interface vlan vlan_id arp anti-attack-check trusted-interface no arp anti-attack-check trusted-interface vlan vlan_id no arp anti-attack-check trusted-interface
[Purpose] Configuring ARP detection trusted ports or trusted VLAN
[View] Interface view
[Notes] After configured as an ARP detection trusted port, ARP packets received from this port will not be checked and all are allowed to pass.
[Use Cases]
sonic(config)# interface ethernet 1sonic(config-if-1)# arp anti-attack-check trusted-interface vlan 10