EasyManua.ls Logo

3Com 4210G Series - ARP Detection Configuration Example II

3Com 4210G Series
1133 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
4-10
Configuration procedure
1) Add all the ports on Switch B into VLAN 10, and configure the IP address of VLAN-interface 10 on
Switch A (the configuration procedure is omitted).
2) Configure a DHCP server (the configuration procedure is omitted).
3) Configure Host A and Host B as DHCP clients (the configuration procedure is omitted).
4) Configure Switch B
# Enable DHCP snooping.
<SwitchB> system-view
[SwitchB] dhcp-snooping
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] dhcp-snooping trust
[SwitchB-GigabitEthernet1/0/1] quit
# Enable ARP detection for VLAN 10. Configure the upstream port as a trusted port and the
downstream ports as untrusted ports (a port is an untrusted port by default).
[SwitchB] vlan 10
[SwitchB-vlan10] arp detection enable
[SwitchB-vlan10] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] arp detection trust
[SwitchB-GigabitEthernet1/0/1] quit
# Configure a static IP Source Guard binding entry on GigabitEthernet 1/0/2.
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] user-bind ip-address 10.1.1.5 mac-address 0001-0203-0405
vlan 10
[SwitchB-GigabitEthernet1/0/2] quit
# Configure a static IP Source Guard binding entry on GigabitEthernet 1/0/3.
[SwitchB] interface gigabitethernet 1/0/3
[SwitchB-GigabitEthernet1/0/3] user-bind ip-address 10.1.1.6 mac-address 0001-0203-0607
vlan 10
[SwitchB-GigabitEthernet1/0/3] quit
# Configure a static IP-to-MAC binding.
[SwitchB] arp detection static-bind 10.1.1.1 000f-e249-8050
# Enable ARP detection based on both DHCP snooping entries and static IP-to-MAC bindings.
[SwitchB] arp detection mode dhcp-snooping
[SwitchB] arp detection mode static-bind
# Enable the checking of the MAC addresses and IP addresses of ARP packets.
[SwitchB] arp detection validate dst-mac ip src-mac
ARP Detection Configuration Example II
Network requirements
z Enable 802.1X on Switch B. Enable ARP detection for VLAN 10 to allow only packets from valid
clients to pass.
z Configure Host A and Host B as local 802.1X access users.

Table of Contents

Other manuals for 3Com 4210G Series

Preview: Getting Started Guide
Getting Started Guide78 pages

Related product manuals