H3C Technologies H3C S7500E Series Switches User Manual
match is found, the ARP packet is considered valid and is forwarded. If an entry with a matching
IP address but an unmatched MAC address is found, the ARP packet is considered invalid and is
discarded. If no entry with a matching IP address is found, the device compares the ARP packet’s
sender IP and MAC addresses against the DHCP snooping entries, 802.1X security entries, and
OUI MAC addresses.
• If a match is found in any of the entries, the ARP packet is considered valid and is forwarded.
  ARP detection based on OUI MAC addresses means that, if the sender MAC address of the
  received ARP packet is an OUI MAC address and voice VLAN is enabled, the packet is
  considered valid.
• If no match is found, the ARP packet is considered invalid and is discarded.
• Upon receiving an ARP packet from an ARP trusted port, the device does not check the ARP
  packet.
• Static IP Source Guard binding entries are created by using the user-bind command. For details,
  refer to IP Source Guard Configuration in the Security Configuration Guide.
• Dynamic DHCP snooping entries are automatically generated through the DHCP snooping
  function. For details, refer to DHCP Snooping Configuration in the Layer 3 - IP Services
  Configuration Guide.
• 802.1X security entries are generated by the 802.1X function. For details, refer to 802.1X
  Configuration in the Security Configuration Guide.
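The check order described above, as an added Python model (not H3C code and not taken from the manual). It assumes the first table consulted, whose description is cut off at the top of this page, is the static IP Source Guard binding table, and it simplifies OUI matching to a 24-bit prefix; all class, field and port names and all sample entries are hypothetical.

```python
import re
from dataclasses import dataclass, field

def norm(mac):
    """Reduce any MAC notation (e.g. 0011-2233-4455) to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

@dataclass
class ArpDetection:
    # Hypothetical model of one VLAN's tables; MACs are stored normalised.
    static_bindings: dict = field(default_factory=dict)  # sender IP -> MAC (assumed first table)
    dhcp_snooping: set = field(default_factory=set)      # {(ip, mac)}
    dot1x: set = field(default_factory=set)              # {(ip, mac)}
    oui_prefixes: set = field(default_factory=set)       # 6-hex-digit prefixes (simplified)
    voice_vlan: bool = False
    trusted_ports: set = field(default_factory=set)

    def check(self, port, ip, mac):
        """Return (verdict, reason) for an ARP packet's sender IP and MAC."""
        mac = norm(mac)
        if port in self.trusted_ports:
            return "forward", "trusted port: not checked"
        bound = self.static_bindings.get(ip)
        if bound is not None:
            # An entry for this IP exists, so the MAC must agree.
            # A mismatch is final: the other tables are not consulted.
            if bound == mac:
                return "forward", "static binding match"
            return "discard", "static binding MAC mismatch"
        if (ip, mac) in self.dhcp_snooping:
            return "forward", "DHCP snooping entry"
        if (ip, mac) in self.dot1x:
            return "forward", "802.1X security entry"
        if self.voice_vlan and mac[:6] in self.oui_prefixes:
            return "forward", "OUI MAC with voice VLAN enabled"
        return "discard", "no matching entry"

# Constructed sample tables (documentation address range, made-up MACs).
SWITCH = ArpDetection(
    static_bindings={"192.0.2.10": norm("0011-2233-4455")},
    dhcp_snooping={("192.0.2.20", norm("0011-2233-6677")),
                   ("192.0.2.10", norm("00aa-bbcc-ddee"))},
    oui_prefixes={"00e0bb"},
    voice_vlan=True,
    trusted_ports={"GE1/0/1"},
)
```

The second DHCP snooping entry is there to show precedence: a sender claiming 192.0.2.10 with that MAC is still discarded on an untrusted port, because the static binding for the IP is checked first.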
Follow these steps to enable ARP detection for a VLAN and specify a trusted port:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter VLAN view | vlan vlan-id | — |
| Enable ARP detection for the VLAN | arp detection enable | Required. Disabled by default. That is, ARP detection based on static IP Source Guard binding entries/DHCP snooping entries/802.1X security entries/OUI MAC addresses is not enabled by default. |
| Return to system view | quit | — |
| Enter Ethernet interface view | interface interface-type interface-number | — |