218Configuring ARP packet source MAC consistencycheckThis feature enables a gateway to filter out ARP packets whose source MAC address in the Ethernetheader is different from the sender MAC address in the message body, so that the gateway can learncorrect ARP entries.To enable ARP packet source MAC address consistency check:Step Command Remarks1. Enter system view. system-view N/A2. Enable ARP packet source MAC addressconsistency check. arp valid-check enableBy default, ARP packet sourceMAC address consistency checkis disabled.Configuring ARP active acknowledgementConfigure this feature on gateway devices to prevent user spoofing.ARP active acknowledgement prevents a gateway from generating incorrect ARP entries. For moreinformation about its working mechanism, see ARP Attack Protection Technology White Paper.To configure ARP active acknowledgement:Step Command Remarks1. Enter system view. system-view N/A2. Enable the ARP activeacknowledgement function. arp active-ack enable By default, ARP active acknowledgementfunction is disabled.Configuring ARP detectionARP detection enables access devices to block ARP packets from unauthorized clients to prevent userspoofing and gateway spoofing attacks. ARP detection does not check ARP packets received from ARPtrusted ports.ARP detection provides the user validity check and ARP packet validity check functions.If both ARP packet validity check and user validity check are enabled, the former one applies first, andthen the latter applies.Configuring user validity checkUpon receiving an ARP packet from an ARP untrusted interface, the device compares the sender IP andMAC addresses against the static IP source guard binding entries and the DHCP snooping entries. If amatch is found from those entries, the ARP packet is considered valid and is forwarded. If no match isfound, the ARP packet is considered invalid and is discarded.