Arp detection configuration example ii, Network requirements, Configuration procedure – H3C Technologies H3C S7500E Series Switches User Manual

14-10

[SwitchB-gigabitethernet2/0/2] user-bind ip-address 10.1.1.6 mac-address 0001-0203-0607

vlan 10

[SwitchB-gigabitethernet2/0/2] quit

# Enable the checking of the MAC addresses and IP addresses of ARP packets.

[SwitchB] arp detection validate dst-mac ip src-mac

After the preceding configurations are completed, when ARP packets arrive at interfaces

gigabitethernet 2/0/1 and gigabitethernet 2/0/2, their MAC and IP addresses are checked, and then

the packets are checked against the static IP Source Guard binding entries and finally DHCP snooping

entries.

ARP Detection Configuration Example II

Network requirements

As shown in

Figure 14-2

, configure Switch A as a DHCP server and enable 802.1X on Switch B.

Enable ARP detection for VLAN 10 to allow only packets from valid clients to pass. Configure Host A

and Host B as local 802.1X access users.

Figure 14-2 Network diagram for ARP detection configuration

Configuration procedure

1) Add all the ports on Switch B into VLAN 10, and configure the IP address of VLAN-interface 10 on

Switch A (the configuration procedure is omitted).

2) Configure Switch A as a DHCP server

# Configure DHCP address pool 0

system-view

[SwitchA] dhcp enable

[SwitchA] dhcp server ip-pool 0

[SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0

3) Configure Host A and Host B as 802.1X clients (the configuration procedure is omitted) and

configure them to upload IP addresses for ARP detection.

4) Configure Switch B

# Enable the 802.1X function.

system-view

[SwitchB] dot1x