Displaying and maintaining arp detection, Arp detection configuration example i, Network requirements – H3C Technologies H3C S7500E Series Switches User Manual

14-8

To do…

Use the command…

Remarks

Configure the port as a

trusted port on which ARP

detection does not apply

arp detection trust

Optional

The port is an untrusted port by default.

z

When configuring this feature, you need to configure ARP detection based on at least static IP

Source Guard binding entries, DHCP snooping entries, or 802.1X security entries. Otherwise, all

ARP packets received from an ARP untrusted port will be discarded, except the ARP packets with

an OUI MAC address as the sender MAC address when voice VLAN is enabled.

z

When configuring an IP Source Guard binding entry, you need to specify the VLAN; otherwise, no

ARP packet will pass the ARP detection based on static IP Source Guard binding entries.

Displaying and Maintaining ARP Detection

To do…

Use the command…

Remarks

Display the VLANs enabled

with ARP detection

display arp detection

Available in any view

Display the ARP detection

statistics

display arp detection statistics [ interface

interface-type interface-number ]

Available in any view

Clear the ARP detection

statistics

reset arp detection statistics [ interface

interface-type interface-number ]

Available in user view

ARP Detection Configuration Example I

Network requirements

As shown in

Figure 14-1

, configure Switch A as a DHCP server and enable DHCP snooping on Switch

B. Configure Host A as a DHCP client. Configure Host B whose IP address is 10.1.1.6 and MAC

address is 0001-0203-0607. Enable ARP detection for VLAN 10 to allow only packets from valid

clients or hosts to pass.