beautypg.com

9 ip dhcp snooping binding arp, Ip dhcp snooping binding arp – PLANET XGS3-24040 User Manual

Page 358

background image


27-71

Usage Guide:

The static binding users is deal in the same way as the dynamic binding users captured by DHCP

SNOOPING; the follwoing actions are all allowed: notifying DOT1X to be a controlled user of DOT1X,

adding a trusted user list entry directly, adding a bingding ARP list entry. The static binding uses

will never be aged, and have a priority higher than dynamic binding users. Only after the DHCP

SNOOPING binding function is enabled, the static binding users can be enabled.

Example:

Configure static binding users.

switch(config)#ip dhcp snooping binding user 00-30-4f-12-34-56 address 192.168.1.16

255.255.255.0 interface Ethernet 1/16

Relative Command:

ip dhcp snooping binding enable

27.9 ip dhcp snooping binding arp

Command:

ip dhcp snooping binding arp

no ip dhcp snooping binding arp

Function:

Enable the DHCP Snooping binding ARP funciton.

Parameters:

None

Command Mode:

Globe mode

Default Settings:

DHCP Snooping binding ARP funciton is disabled by default.

Usage Guide:

When this function is enbaled, DHCP SNOOPING will add binding ARP list entries according to

binding information. Only after the binding function is enabled, can the binding ARP function be

enabled. Binding ARP list entries are static entries without configuration of reservation, and will be

added to the NEIGHBOUR list directly. The priority of binding ARP list entries is lower than the static

ARP list entries set by administrator, so can be overwritten by static ARP list entries; but, when

static ARP list entries are deleted, the binding ARP list entries can not be recovered untill the DHCP

SNOOPING recapture the biding inforamtion. Adding binding ARP list entries is used to prevent

these list entried from being attacked by ARP cheating. At the same time, these static list entries

need no reauthenticaiton, which can prenvent the switch from the failing to reauthenticate ARP

when it is being attacked by ARP scanning.

Only after the DHCP SNOOPING binding function is enabled, the binding ARP function can be set.

Example:

Enable the DHCP Snooping binding ARP funciton.

switch(config)#ip dhcp snooping binding arp

Relative Command:

ip dhcp snooping binding enable

See also other documents in the category PLANET Routers: