Item | Description | |
| Select trusted ports. | |
| To add ports to the Trusted Ports list box, select one or multiple ports from the Untrusted | |
Trusted Ports | Ports list box and click the << button. | |
| To remove ports from the Trusted Ports list box, select one or multiple ports from the list box | |
| and click the >> button. | |
|
| |
| Select user validity check modes, including: | |
| ∙ Using DHCP Snooping to validate users | |
| ∙ Using Dot1x to validate users | |
| ∙ Using | |
| configure static | |
| configuration, see “Creating a static binding entry”. | |
| If all the detection types are specified, the system uses static | |
| DHCP snooping entries, and then 802.1X security entries. If an ARP packet fails to pass | |
User Validation | ARP detection based on static | |
detection, it will be checked against DHCP snooping entries. If a match is found, the packet | ||
Check | ||
is considered to be valid and will not be checked against 802.1X security entries; | ||
| ||
| otherwise, the packet is checked against 802.1X security entries. If a match is found, the | |
| packet is considered to be valid; otherwise, the packet is discarded. | |
| If none of the above is selected, all ARP packets are considered to be invalid. | |
| IMPORTANT: | |
| ∙ Before enabling ARP detection based on DHCP snooping entries, make sure that DHCP | |
| snooping is enabled. | |
| ∙ Before enabling ARP detection based on 802.1X security entries, make sure that | |
| 802.1X is enabled and the 802.1X clients are configured to upload IP addresses. | |
|
| |
| Select ARP packet validity check modes, including: | |
| ∙ If the source MAC address of an ARP packet is not identical to that in the Ethernet | |
| header, the ARP packet is discarded | |
ARP Packet | ∙ If the destination MAC address of an ARP reply is | |
that in the Ethernet header, the ARP packet is discarded | ||
Validation | ||
∙ If the source IP address of an ARP request, or the source IP address or destination IP | ||
| ||
| address of an ARP reply is | |
| discarded | |
| If none of the above is selected, the system does not check the validity of ARP packets. | |
|
|
Creating a static binding entry
If you select Using
To create a static binding entry, type an IP address and MAC address in the Static Bindings field, and then click Add, as shown in a.
NOTE:
If an entry with a matching IP address but a different MAC address is found, the ARP packet is considered invalid and discarded. If an entry with both matching IP and MAC addresses is found, the ARP packet is considered valid and can pass the detection.
319