Product guide
11-19
Configuring Advanced Threat Protection
Dynamic ARP Protection
To add the static configuration of an IP-to-MAC binding for a port to the
database, enter the ip source binding command at the global configuration
level.
An example of the ip source binding command is shown here:
ProCurve(config)# ip source binding 0030c1-7f49c0
interface vlan 100 10.10.20.1 interface A4
Note Note that the ip source binding command is the same command used by the
Dynamic IP Lockdown feature to configure static bindings. The Dynamic ARP
Protection and Dynamic IP Lockdown features share a common list of source
IP-to-MAC bindings.
Configuring Additional Validation Checks on ARP
Packets
Dynamic ARP protection can be configured to perform additional validation
checks on ARP packets. By default, no additional checks are performed. To
configure additional validation checks, enter the arp protect validate command
at the global configuration level.
Syntax: [no] ip source binding <mac-address> vlan <vlan-id> <ip-address>
interface <port-number>
mac-address Specifies a MAC address to bind with a VLAN and
IP address on the specified port in the DHCP
binding database.
vlan vlan-id Specifies a VLAN ID number to bind with the
specified MAC and IP addresses on the specified
port in the DHCP binding database.
ip-address Specifies an IP address to bind with a VLAN and
MAC address on the specified port in the DHCP
binding database.
interface
port-number
Specifies the port number on which the IP-to-
MAC address and VLAN binding is configured in
the DHCP binding database.
Syntax: [no] arp protect validate <[src-mac] | [dst-mac] | [ip]>
src-mac (Optional) Drops any ARP request or response
packet in which the source MAC address in the
Ethernet header does not match the sender MAC
address in the body of the ARP packet.