By configuring strict ARP entry learning in the system view, a device learns only address information carried in the ARP Reply packets corresponding to the ARP Request packets sent by the device. The device does not learn address information carried in the ARP Request packets sent from other devices. Strict ARP entry ensures the security of the device.
Perform the following steps on the FW that needs to be configured with ARP security features:
system-view
arp learning strict
By default, strict ARP learning is disabled.
After the arp learning strict command is run, the FW learns only reply packets for the ARP request packets sent itself.