Enabling ARP detection in SVLANs
The ARP detection function enables a switch to modify the VLAN attributes of ARP packets, which is
impossible under the normal ARP packet processing procedure. For more information about ARP detection,
see the Security Configuration Guide.
To enable ARP detection in all SVLANs:
| To do... | Use the command... | Remarks |
|---|---|---|
| 1. Enter system view | system-view | — |
| 2. Enter VLAN view | vlan vlan-id | — |
| 3. Enable ARP detection | arp detection enable | Required. Disabled by default. |
To defend against ARP attacks, also enable ARP detection in all CVLANs.
Configuring an uplink policy
To configure an uplink policy to map a group of CVLANs to one SVLAN:
| To do... | Use the command... | Remarks |
|---|---|---|
| 1. Enter system view | system-view | — |
| 2. Create a class and enter class view | traffic classifier tcl-name operator or | Required. Repeat steps 2 to 4 to configure one class for each group of CVLANs. |
| 3. Configure multiple CVLANs as match criteria | if-match customer-vlan-id { vlan-id-list \| vlan-id1 to vlan-id2 } | |
| 4. Return to system view | quit | |
| 5. Create a traffic behavior and enter traffic behavior view | traffic behavior behavior-name | Required. Repeat steps 5 to 7 to configure one behavior for each SVLAN. |
| 6. Configure an SVLAN marking action | remark service-vlan-id vlan-id | |
| 7. Return to system view | quit | |
| 8. Create a QoS policy and enter QoS policy view | qos policy policy-name | Required. |
| 9. Map the CVLANs to the SVLAN by associating the class with the behavior | classifier tcl-name behavior behavior-name mode dot1q-tag-manipulation | Required. Repeat this step to create other CVLANs-to-SVLAN mappings. |
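A worked instance of the two procedures above (ARP detection in the SVLANs, then the uplink policy), added here as an illustration and not taken from the original guide. The VLAN numbers (CVLANs 101 to 200 and 201 to 300, SVLANs 501 and 502) and the names c1, c2, b1, b2 and p1 are assumed values; lines starting with # are annotations, not commands.

```comware
# Enable ARP detection in each SVLAN (assumed SVLANs: 501 and 502).
system-view
vlan 501
 arp detection enable
 quit
vlan 502
 arp detection enable
 quit
# Steps 2 to 4, once per CVLAN group: "operator or" lets any CVLAN
# in the range match the class.
traffic classifier c1 operator or
 if-match customer-vlan-id 101 to 200
 quit
traffic classifier c2 operator or
 if-match customer-vlan-id 201 to 300
 quit
# Steps 5 to 7, once per SVLAN: the behavior marks matching traffic
# with the SVLAN ID.
traffic behavior b1
 remark service-vlan-id 501
 quit
traffic behavior b2
 remark service-vlan-id 502
 quit
# Steps 8 and 9: one QoS policy holding both CVLANs-to-SVLAN mappings.
qos policy p1
 classifier c1 behavior b1 mode dot1q-tag-manipulation
 classifier c2 behavior b2 mode dot1q-tag-manipulation
 quit
```

Following the note in the ARP detection section, the same vlan / arp detection enable pair is also needed in each CVLAN (101 to 300 in this example) to defend against ARP attacks.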
Configuring the customer-side port
To configure the customer-side port:
| To do... | Use the command... | Remarks |
|---|---|---|
| 1. Enter system view | system-view | — |
| 2. Enter Layer 2 Ethernet interface view | interface interface-type interface-number | — |
| 3. Configure the port as a trunk port | port link-type trunk | Required. The default link type of an Ethernet port is access. |