1-10
[SwitchB-GigabitEthernet1/0/3] quit
# Enable the checking of the MAC addresses and IP addresses of ARP packets.
[SwitchB] arp detection validate dst-mac ip src-mac
After the preceding configurations are complete, when ARP packets arrive at interfaces
GigabitEthernet1/0/2 and GigabitEthernet1/0/3, their MAC and IP addresses are checked, and then the
packets are checked against the static IP Source Guard binding entries and finally DHCP snooping
entries.
ARP Detection Configuration Example II
Network requirements
As shown in
, configure Switch A as a DHCP server and enable 802.1X on Switch B. Enable
ARP detection for VLAN 10 to allow only packets from valid clients to pass. Configure Host A and Host
B as local 802.1X access users.
Figure 1-2
Network diagram for ARP detection configuration
Configuration procedure
1) Add all the ports on Switch B into VLAN 10, and configure the IP address of VLAN-interface 10 on
Switch A. (Omitted)
2) Configure
Switch
A as a DHCP server
# Configure DHCP address pool 0
<SwitchA> system-view
[SwitchA] dhcp enable
[SwitchA] dhcp server ip-pool 0
[SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0
3) Configure Host A and Host B as 802.1X clients (the configuration procedure is omitted) and
configure them to upload IP addresses for ARP detection.
4) Configure Switch B
# Enable the 802.1X function.
<SwitchB> system-view
Summary of Contents for S5500-SI Series
Page 161: ...3 10 GigabitEthernet1 0 1 2 MANUAL...
Page 220: ...1 7 Clearing ARP entries from the ARP table may cause communication failures...
Page 331: ...1 7 1 1 ms 1 ms 1 ms 1 1 6 1 2 1 ms 1 ms 1 ms 1 1 4 1 3 1 ms 1 ms 1 ms 1 1 2 2 Trace complete...
Page 493: ...2 8...
Page 1111: ...1 10 Installing patches Installation completed and patches will continue to run after reboot...