Dynamic ARP Inspection Overview

Example Configuration

T

Note: This example applies only to platforms that support routing.

The following example configures DHCP snooping and dynamic ARP inspection in a routing environment using RIP. The example configures two interfaces on the switch, configuring RIP on both interfaces, assigning each to a different VLAN, and then enabling DHCP snooping and dynamic ARP inspection on them:

Interface ge.1.1, which is connected to a remote DHCP server, on VLAN 192

Interface ge.1.2, which is connected to DHCP clients, on VLAN 10

In addition, the default VLAN, VLAN 1, is also enabled for DHCP snooping and dynamic ARP inspection.

Since the DHCP server is remote, the switch has been configured as a DHCP relay agent (with the ip helper‐address command), to forward client requests to the DHCP server. Therefore, MAC address verification is disabled (with the set dhcpsnooping verify mac‐address disable command) in order to allow DHCP RELEASE packets to be processed by the DHCP snooping functionality and client bindings removed from the bindings database

Router Configuration

router enable configure interface vlan 10 no shutdown

ip address 10.2.0.1 255.255.0.0 ip helper-address 192.168.0.200 ip rip send version 2

ip rip receive version 2 ip rip enable

exit

interface vlan 192 no shutdown

ip address 192.168.0.1 255.255.255.0 ip rip send version 2

ip rip receive version 2 ip rip enable

exit router rip exit

VLAN Configuration

set vlan create 10 set vlan create 192

clear vlan egress 1 ge.1.1-2

SecureStack C3 Configuration Guide 17-19

Page 529
Image 529
Enterasys Networks 9034313-07 manual Example Configuration, Router Configuration, Vlan Configuration