| To do… | Use the command… | Remarks |
|---|---|---|
| Enable the ARP entry checking function (that is, disable the device from learning ARP entries with multicast MAC addresses) | arp check enable | Optional. By default, the ARP entry checking function is enabled. |

Static ARP entries are valid as long as the device operates normally. However, some operations, such as removing a VLAN or removing a port from a VLAN, make the corresponding ARP entries invalid, and those entries are removed automatically.

For the arp static command, the value of the vlan-id argument must be the ID of an existing VLAN, and the port identified by the interface-type and interface-number arguments must belong to that VLAN.

Currently, static ARP entries cannot be configured on the ports of an aggregation group.

Configuring ARP Attack Detection

Follow these steps to configure the ARP attack detection function:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enable DHCP snooping | dhcp-snooping | Required. By default, the DHCP snooping function is disabled. |
| Enter Ethernet port view | interface interface-type interface-number | |
| Specify the current port as a trusted port | dhcp-snooping trust | Required. By default, after DHCP snooping is enabled, all ports of a device are untrusted ports. |
| Quit to system view | quit | |
| Enter VLAN view | vlan vlan-id | |
| Enable the ARP attack detection function | arp detection enable | Required. By default, ARP attack detection is disabled on all ports. |
| Quit to system view | quit | |
| Enter Ethernet port view | interface interface-type interface-number | |
| Configure the port as an ARP trusted port | arp detection trust | Optional. By default, a port is an untrusted port. |
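As an added example (not from the 3Com manual), the following Python check reads a saved configuration and verifies that the required steps of the procedure above are present together, and lists the ports marked as ARP trusted so they can be reviewed. The sample configuration, its layout (section headers at column 0, commands indented beneath them) and the interface names are assumptions constructed for the example; only the command keywords come from the table.

```python
import re

# Constructed sample (not from the manual). Assumed layout: section headers
# ("vlan N", "interface X") at column 0, their commands indented beneath.
SAMPLE_CONFIG = """\
dhcp-snooping
vlan 10
 arp detection enable
vlan 20
interface GigabitEthernet1/0/1
 dhcp-snooping trust
 arp detection trust
interface GigabitEthernet1/0/2
"""

def parse_sections(text):
    """Split a config dump into global commands and per-section command lists."""
    global_cmds, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "#":
            continue
        if line[0].isspace():              # command inside the current section
            if current is not None:
                sections[current].append(line.strip())
        elif re.match(r"(vlan|interface)\s+\S", line):
            current = line                 # new VLAN or port section
            sections.setdefault(current, [])
        else:                              # system-view command
            current = None
            global_cmds.append(line)
    return global_cmds, sections

def audit(text):
    """Return (findings, arp_trusted_ports) for the ARP attack detection steps."""
    global_cmds, sections = parse_sections(text)
    vlans = {h.split()[1]: c for h, c in sections.items() if h.startswith("vlan ")}
    ports = {h.split(None, 1)[1]: c for h, c in sections.items() if h.startswith("interface ")}
    enabled = sorted(v for v, c in vlans.items() if "arp detection enable" in c)
    trusted = sorted(p for p, c in ports.items() if "arp detection trust" in c)
    if not enabled:
        return ["arp detection enable is not set in any VLAN (disabled by default)"], trusted
    findings = []
    if "dhcp-snooping" not in global_cmds:   # required step in the table
        findings.append("VLAN(s) %s enable ARP detection but dhcp-snooping is off" % ", ".join(enabled))
    if not any("dhcp-snooping trust" in c for c in ports.values()):
        findings.append("no dhcp-snooping trust port; every port is untrusted by default")
    return findings, trusted

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```
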

 

 

 

 

 

 

 

 

 

 

 

 

3Com WX3000 operation manual Configuring ARP Attack Detection, Arp check enable, Arp detection enable, Arp detection trust