EasyManua.ls Logo

3Com 4210 9-Port - ARP Configuration Example; ARP Basic Configuration Example; ARP Attack Detection and Packet Rate Limit Configuration Example

3Com 4210 9-Port
870 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
1-9
Table 1-8 Display and debug ARP
Operation Command Remarks
Display specific ARP mapping
table entries
display arp [ static | dynamic |
ip-address ]
Display the ARP mapping entries
related to a specified string in a
specified way
display arp [ dynamic | static ] | { begin
| include | exclude } regular-expression
Display the number of the ARP
entries of a specified type
display arp count [ [ dynamic | static ]
[ | { begin | include | exclude }
regular-expression ] | ip-address ]
Display the statistics about the
untrusted ARP packets dropped
by the specified port
display arp detection statistics
interface interface-type
interface-number
Display the setting of the ARP
aging timer
display arp timer aging
Available in any
view.
Clear specific ARP entries
reset arp [ dynamic | static | interface
interface-type interface-number ]
Available in user
view.
ARP Configuration Example
ARP Basic Configuration Example
Network requirement
z Disable ARP entry check on the switch.
z Set the aging time for dynamic ARP entries to 10 minutes.
z Add a static ARP entry, with the IP address being 192.168.1.1, the MAC address being
000f-e201-0000, and the outbound port being Ethernet1/0/10 of VLAN 1.
Configuration procedure
<Sysname> system-view
[Sysname] undo arp check enable
[Sysname] arp timer aging 10
[Sysname] arp static 192.168.1.1 000f-e201-0000 1 Ethernet1/0/10
ARP Attack Detection and Packet Rate Limit Configuration Example
Network requirements
As shown in Figure 1-4, Ethernet1/0/1 of Switch A connects to DHCP Server; Ethernet1/0/2 connects to
Client A, Ethernet1/0/3 connects to Client B. Ethernet1/0/1, Ethernet1/0/2 and Ethernet1/0/3 belong to
VLAN 1.
z Enable DHCP snooping on Switch A and specify Ethernet1/0/1 as the DHCP snooping trusted port.
z Enable ARP attack detection in VLAN 1 to prevent ARP man-in-the-middle attacks, and specify
Ethernet1/0/1 as the ARP trusted port.
z Enable the ARP packet rate limit function on Ethernet1/0/2 and Ethernet1/0/3 of Switch A, so as to
prevent Client A and Client B from attacking Switch A through ARP traffic.

Table of Contents

Related product manuals