H3C Technologies H3C S3600 Series Switches User Manual
Page 630
5-9
# Specify the IP address of the DHCP server.
[SwitchA-vlan-1] arp mac-forced-forwarding server 10.1.1.2
# Configure Ethernet 1/0/2 as an ARP detection trusted port and an DHCP snooping trusted port.
[SwitchA] interface ethernet 1/0/2
[SwitchA-Ethernet1/0/2] arp detection trust
[SwitchA-Ethernet1/0/2] dhcp-snooping trust
# Configure Ethernet 1/0/2 as an MFF network port.
[SwitchA-Ethernet1/0/2] arp mac-forced-forwarding network-port
# Enable IP filtering on Ethernet 1/0/1, add it to the port isolation group, and then configure it as an MFF
user port.
[SwitchA] interface ethernet 1/0/1
[SwitchA-Ethernet1/0/1] port isolate
[SwitchA-Ethernet1/0/1] ip check source ip-address
[SwitchA-Ethernet1/0/1] arp mac-forced-forwarding user-port
[SwitchA-Ethernet1/0/1] quit
# Enable IP filtering on Ethernet 1/0/3, add it to the port isolation group, and then configure it as an MFF
user port.
[SwitchA] interface ethernet 1/0/3
[SwitchA-Ethernet1/0/3] port isolate
[SwitchA-Ethernet1/0/3] ip check source ip-address
[SwitchA-Ethernet1/0/3] arp mac-forced-forwarding user-port
[SwitchA-Ethernet1/0/3] quit
4) Configure Switch B.
# Enable DHCP snooping.
[SwitchB] dhcp-snooping
# Enable ARP intrusion detection on VLAN 1.
[SwitchB] vlan 1
[SwitchB-vlan1] arp detection enable
# Enable MFF.
[SwitchB-vlan-1] arp mac-forced-forwarding auto
# Specify the IP address of the DHCP server.
[SwitchB-vlan-1] arp mac-forced-forwarding server 10.1.1.2
# Configure Ethernet 1/0/2 as an ARP intrusion detection trusted port and an DHCP snooping trusted
port.
[SwitchB] interface ethernet 1/0/2
[SwitchB-Ethernet1/0/2] arp detection trust
[SwitchB-Ethernet1/0/2] dhcp-snooping trust
# Configure Ethernet 1/0/2 as an MFF network port.
[SwitchB-Ethernet1/0/2] arp mac-forced-forwarding network-port
# Enable IP filtering on Ethernet 1/0/1, add it to the port isolation group, and then configure it as an MFF
user port.