Network requirements, Configuration procedure – H3C Technologies H3C S6300 Series Switches User Manual

332

User validity check and ARP packet validity check
configuration example

Network requirements

As shown in

Figure 109

, configure Switch B to perform ARP packet validity check and user validity check

based on static IP source guard binding entries and DHCP snooping entries for connected hosts.

Figure 109 Network diagram

Configuration procedure

1.

Add all interfaces on Switch B to VLAN 10, and specify the IP address of VLAN-interface 10 on

Switch A. (Details not shown.)

2.

Configure the DHCP server on Switch A, and configure DHCP address pool 0.

system-view

[SwitchA] dhcp enable

[SwitchA] dhcp server ip-pool 0

[SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0

3.

Configure Host A (DHCP client) and Host B. (Details not shown.)

4.

Configure Switch B:
# Enable DHCP snooping.

system-view

[SwitchB] dhcp snooping enable

[SwitchB] interface ten-gigabitethernet 1/0/3

[SwitchB-Ten-GigabitEthernet1/0/3] dhcp snooping trust

[SwitchB-Ten-GigabitEthernet1/0/3] quit

# Enable recording of client information in DHCP snooping entries on Ten-GigabitEthernet 1/0/1.

[SwitchB] interface ten-gigabitethernet 1/0/1

[SwitchB-Ten-GigabitEthernet1/0/1] dhcp snooping binding record

[SwitchB-Ten-GigabitEthernet1/0/1] quit

# Enable ARP detection for VLAN 10.

Switch A

Switch B

Host A

Host B

XGE1/0/3
Vlan-int10
10.1.1.1/24

Gateway
DHCP server

XGE1/0/1

XGE1/0/3

XGE1/0/2

DHCP client

VLAN 10

DHCP snooping

10.1.1.6

0001-0203-0607