< Home

display arp anti-attack configuration check user-bind

Function

The display arp anti-attack configuration check user-bind command displays the configuration of DAI in a VLAN or on an interface.

Format

display arp anti-attack configuration check user-bind [ vlan [ vlan-id ] | interface [ interface-type interface-number ] ]

Parameters

Parameter

Description

Value

vlan [ vlan-id ]

 Displays DAI configuration in the specified VLAN.

If vlan-id is not specified, the DAI configurations in all VLANs are displayed.

vlan-id is an integer that ranges from 1 to 4094.

interface [ interface-type interface-number ]

 Displays DAI on the specified interface.

  • interface-type specifies the interface type.

  • interface-number specifies the interface number.

If interface-type interface-number is not specified, the DAI configurations on all interfaces are displayed.

If neither vlan [ vlan-id ] nor interface [ interface-type interface-number ] is specified, the DAI configurations in all VLANs and on all interfaces are displayed.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run this command to view the configuration of DAI in a VLAN or on an interface, including whether the function is enabled, check items, whether the alarm function is enabled for discarded ARP packets, and alarm threshold.

Only after DAI and the alarm function are enabled, output of this command is displayed.

Example

# Display DAI configuration on GE0/0/1.

<HUAWEI> display arp anti-attack configuration check user-bind interface gigabitethernet 0/0/1
 arp anti-attack check user-bind enable
 arp anti-attack check user-bind alarm enable
 arp anti-attack check user-bind alarm threshold 50 
 arp anti-attack check user-bind check-item ip-address
# Display ARP check configurations in all VLANs and on all interfaces.
<HUAWEI> display arp anti-attack configuration check user-bind
#                                                                               
vlan 2                                                                         
 arp anti-attack check user-bind enable                                         
 arp anti-attack check user-bind check-item ip-address 
#                                                                               
vlan 3                                                                         
 arp anti-attack check user-bind enable                                         
#                                                                               
GigabitEthernet0/0/1                                                           
 arp anti-attack check user-bind enable
 arp anti-attack check user-bind alarm enable
 arp anti-attack check user-bind alarm threshold 50 
 arp anti-attack check user-bind check-item ip-address
#
Table 1 Description of the display arp anti-attack configuration check user-bind command output

Item

Description

arp anti-attack check user-bind enable

DAI has been enabled.

You can run the arp anti-attack check user-bind enable command to enable DAI.

arp anti-attack check user-bind alarm enable

The alarm function for ARP packets discarded by DAI has been enabled.

You can run the arp anti-attack check user-bind alarm enable command to enable the alarm function.

arp anti-attack check user-bind alarm threshold 50

Alarm threshold of discarded ARP packets matching no binding entry.

You can run the arp anti-attack check user-bind alarm threshold command to set the alarm threshold.

arp anti-attack check user-bind check-item ip-address

Only the IP address is checked during ARP packet check based on binding entries.

You can run the arp anti-attack check user-bind check-item command or arp anti-attack check user-bind check-item command to specify the check item for ARP packet check based on binding entries.
Parent Topic: ARP Security Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >