Configuration procedure – H3C Technologies H3C S5120 Series Switches User Manual

2-8

Figure 2-2 Network diagram for ARP detection configuration

DHCP client

Host A

Switch A

Host B

Gateway
DHCP server

GE1/0/1

GE1/0/3

GE1/0/2

VLAN 10

DHCP snooping

10.1.1.6

0001-0203-0607

Configuration procedure

1) Add all the ports on Switch A to VLAN 10 (the configuration procedure is omitted).

2) Configure DHCP server (the configuration procedure is omitted).

3) Configure Host A as DHCP client, and Host B as user respectively (the configuration procedure is

omitted)

4) Configure Switch A

# Enable DHCP snooping.

system-view

[SwitchA] dhcp-snooping

[SwitchA] interface GigabitEthernet 1/0/3

[SwitchA-GigabitEthernet1/0/3] dhcp-snooping trust

[SwitchA-GigabitEthernet1/0/3] quit

# Enable ARP detection for VLAN 10.

[SwitchA] vlan 10

[SwitchA-vlan10] arp detection enable

# Configure the upstream port as a trusted port and the downstream ports as untrusted ports (a port is

an untrusted port by default).

[SwitchA-vlan10] interface GigabitEthernet 1/0/3

[SwitchA-GigabitEthernet1/0/3] arp detection trust

[SwitchA-GigabitEthernet1/0/3] quit

# Configure a static IP-to-MAC binding.

[SwitchA] arp detection static-bind 10.1.1.1 000f-e249-8050

# Enable ARP detection based on both DHCP snooping entries and static IP-to-MAC bindings.

[SwitchA] arp detection mode dhcp-snooping

[SwitchA] arp detection mode static-bind

# Enable the checking of the MAC addresses and IP addresses of ARP packets.

[SwitchA] arp detection validate dst-mac ip src-mac