beautypg.com

Network diagram, Configuration procedures – H3C Technologies H3C S3600 Series Switches User Manual

Page 613

background image

2-12

z

Enable ARP attack detection based on bindings of authenticated 802.1x clients on the switch to

prevent ARP attacks.

Network Diagram

Figure 2-6 Network diagram for 802.1x based ARP attack defense

Configuration Procedures

# Enter system view.

system-view

# Enable 802.1x authentication globally.

[Switch] dot1x

# Enable ARP attack detection for VLAN 1.

[Switch] vlan 1

[Switch-vlan1] arp detection enable

[Switch-vlan1] quit

# Configure Ethernet 1/0/2 and Ethernet 1/0/3 as ARP trusted ports.

[Switch] interface Ethernet 1/0/2

[Switch-Ethernet1/0/2] arp detection trust

[Switch-Ethernet1/0/2] quit

[Switch] interface Ethernet 1/0/3

[Switch-Ethernet1/0/3] arp detection trust

[Switch-Ethernet1/0/3] quit

# Enable ARP attack detection based on IP-to-MAC mappings of authenticated 802.1x clients.

[Switch] ip source static import dot1x

# Enable 802.1x on Ethernet 1/0/1.

[Switch] interface ethernet 1/0/1

[Switch-Ethernet1/0/1] dot1x

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: