1-8
To do… Use the command… Remarks
Display the statistics about the
untrusted ARP packets
dropped by the specified port
display arp detection
statistics interface
interface-type interface-number
Display the setting of the ARP
aging timer
display arp timer aging
Clear specific ARP entries
reset arp [ dynamic | static |
interface interface-type
interface-number ]
Available in user view
ARP Configuration Examples
ARP Basic Configuration Example
Network requirements
z Disable ARP entry check on the switch.
z Set the aging time for dynamic ARP entries to 10 minutes.
z Add a static ARP entry, with the IP address being 192.168.1.1, the MAC address being
000f-e201-0000, and the outbound port being GigabitEthernet 1/0/10 of VLAN 1.
Configuration procedure
<Sysname> system-view
[Sysname] undo arp check enable
[Sysname] arp timer aging 10
[Sysname] arp static 192.168.1.1 000f-e201-0000 1 GigabitEthernet1/0/10
ARP Attack Detection Configuration Example
Network requirements
As shown in Figure 1-4, GigabitEthernet 1/0/1 of Switch A connects to DHCP Server; GigabitEthernet
1/0/2 connects to Client A, GigabitEthernet 1/0/3 connects to Client B. GigabitEthernet 1/0/1,
GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3 belong to VLAN 1.
z Enable DHCP snooping on Switch A and specify GigabitEthernet 1/0/1 as the DHCP snooping
trusted port.
z Enable ARP attack detection in VLAN 1 to prevent ARP man-in-the-middle attacks, and specify
GigabitEthernet 1/0/1 as the ARP trusted port.
To Next Page
Loading...
