Enterasys b5

To Next Page

To Previous Page

Dynamic ARP Inspection Overview

Enterasys B5 CLI Reference 17-19

Example Configuration

ThefollowingexampleconfiguresDHCPsnoopinganddynamicARPinspectioninarouting

environmentusingRIP.Theexampleconfigurestwointerfacesonthe switch,configuringRIPon

bothinterfaces,assigningeachtoadifferentVLAN,andthenenablingDHCPsnoopingand

dynamicARPinspection onthem:

•Interfacege.1.1,whichisconnected

toaremoteDHCPserver,onVLAN192

•Interfacege.1.2,whichisconnectedtoDHCPclients,onVLAN10

Inaddition,thedefaultVLAN,VLAN1,isalsoenabledforDHCPsnoopinganddynamicARP

inspection.

SincetheDHCPserverisremote,theswitchhasbeenconfiguredasaDHCPrelayagent

(withthe

iphelper‐addresscommand),toforwardclientrequeststotheDHCPserver.Therefore,MAC

addressverificationisdisabled(withthesetdhcpsnoopingverifymac‐addressdisable

command)inordertoallowDHCPRELEASEpacketstobeprocessedbytheDHCPsnooping

functionalityandclientbindingsremovedfromthebindings

database

Router Configuration

router

enable

configure

interface vlan 10

no shutdown

ip address 10.2.0.1 255.255.0.0

ip helper-address 192.168.0.200

ip rip send version 2

ip rip receive version 2

ip rip enable

exit

interface vlan 192

no shutdown

ip address 192.168.0.1 255.255.255.0

ip rip send version 2

ip rip receive version 2

ip rip enable

exit

router rip

exit

VLAN Configuration

set vlan create 10

set vlan create 192

clear vlan egress 1 ge.1.1-2

Note: This example applies only to platforms that support routing.

Main Page

Table of Contents