This section describes how to check the destination addresses of ARP packets, therefore discarding packets with incorrect destination addresses and enhancing CPU protection.
Perform the following steps on the router whose ARP entries are to be prevented from being attacked:
The system view is displayed.
The interface view is displayed.
The check of the destination IP address of ARP packets is enabled.
The arp check-destination-ip enable command is used to protect the CPU. After the command is run, the system checks whether the destination IP addresses of the packets on the interface are correct. If the IP addresses are correct, packets are sent to the CPU; otherwise, packets are discarded.
The configuration is committed.