469
[DeviceB-Ten-GigabitEthernet1/0/3] quit
After the configurations are completed, ARP packets received on interfaces
Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 are checked against 802.1X entries.
User validity check and ARP packet validity check
configuration example
Network requirements
As shown in Figure 133, configure Device B to perform ARP packet validity check and user validity
check based on static IP source guard bindings and DHCP snooping entries for connected hosts.
Figure 133 Network diagram
Configuration procedure
1. Add all interfaces on Device B to VLAN 10, and specify the IP address of VLAN-interface 10 on
Device A. (Details not shown.)
2. Configure the DHCP server on Device A, and configure DHCP address pool 0.
<DeviceA> system-view
[DeviceA] dhcp enable
[DeviceA] dhcp server ip-pool 0
[DeviceA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0
3. Configure Host A (DHCP client) and Host B. (Details not shown.)
4. Configure Device B:
# Enable DHCP snooping.
<DeviceB> system-view
[DeviceB] dhcp snooping enable
[DeviceB] interface ten-gigabitethernet 1/0/3
[DeviceB-Ten-GigabitEthernet1/0/3] dhcp snooping trust
[DeviceB-Ten-GigabitEthernet1/0/3] quit
# Enable recording of client information in DHCP snooping entries on Ten-GigabitEthernet
1/0/1.
[DeviceB] interface ten-gigabitethernet 1/0/1
[DeviceB-Ten-GigabitEthernet1/0/1] dhcp snooping binding record
To Next Page
Loading...
