beautypg.com

Displaying and maintaining arp, Arp configuration example, Arp basic configuration example – H3C Technologies H3C WX3000 Series Unified Switches User Manual

Page 403: Arp attack detection configuration example, 8 arp configuration example

background image

39-8

Displaying and Maintaining ARP

To do…

Use the command…

Remarks

Display specific ARP mapping table
entries

display arp

[ static | dynamic | ip-address ]

Display the ARP mapping entries related
to a specified string in a specified way

display arp

[ dynamic | static ] | { begin | include

| exclude } text

Display the number of the ARP entries of
a specified type

display arp count

[ [ dynamic | static ] [ | { begin |

include

| exclude } text ] | ip-address ]

Display the statistics about the untrusted
ARP packets dropped by the specified
port

display arp detection statistics interface

interface-type interface-number

Display the setting of the ARP aging
timer

display arp timer aging

Available in
any view

Clear specific ARP entries

reset

arp [ dynamic | static | interface

interface-type interface-number

]

Available in
user view

ARP Configuration Example

ARP Basic Configuration Example

Network requirement

z

Disable ARP entry check on the device.

z

Set the aging time for dynamic ARP entries to 10 minutes.

z

Add a static ARP entry, with the IP address being 192.168.1.1, the MAC address being
000f-e201-0000, and the outbound port being GigabitEthernet 1/0/10 of VLAN 1.

Configuration procedure

system-view

[device] undo arp check enable

[device] arp timer aging 10

[device] arp static 192.168.1.1 000f-e201-0000 1 gigabitethernet 1/0/10

ARP Attack Detection Configuration Example

Network requirements

As shown in

Figure 40-4

, GigabitEthernet 1/0/1 of Switch A connects to DHCP Server; GigabitEthernet

1/0/2 connects to Client A, GigabitEthernet 1/0/3 connects to Client B. GigabitEthernet 1/0/1,
GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3 belong to VLAN 1.

z

Enable DHCP snooping on Switch A and specify GigabitEthernet 1/0/1 as the DHCP snooping
trusted port.

z

Enable ARP attack detection in VLAN 1 to prevent ARP man-in-the-middle attacks, and specify
GigabitEthernet 1/0/1 as the ARP trusted port.

See also other documents in the category H3C Technologies Routers: