Configuring Arp Attack Detection - 3Com 4210 9-Port Configuration Manual

Operation
Configure the ARP aging timer
Enable the ARP entry checking
function (that is, disable the switch
from learning ARP entries with
multicast MAC addresses)
Static ARP entries are valid as long as the Ethernet switch operates normally. But some operations,
such as removing a VLAN, or removing a port from a VLAN, will make the corresponding ARP
entries invalid and therefore removed automatically.
As for the arp static command, the value of the vlan-id argument must be the ID of an existing
VLAN, and the port identified by the interface-type and interface-number arguments must belong to
the VLAN.
Currently, static ARP entries cannot be configured on the ports of an aggregation group.

Configuring ARP Attack Detection

Table 1-5 Configure the ARP attack detection function
Operation
Enter system view
Enable DHCP snooping
Enter Ethernet port view
Specify the current port as a
trusted port
Quit to system view
Enter VLAN view
Enable the ARP attack
detection function
Quit to system view
Enter Ethernet port view
Command
arp timer aging aging-time
arp check enable
Command
system-view
dhcp-snooping
interface interface-type
interface-number
dhcp-snooping trust
quit
vlan vlan-id
arp detection enable
quit
interface interface-type
interface-number
1-6
Remarks
Optional
By default, the ARP aging
timer is set to 20 minutes.
Optional
By default, the ARP entry
checking function is
enabled.
Remarks
—
Required
By default, the DHCP snooping
function is disabled.
—
Required
By default, after DHCP snooping is
enabled, all ports of a switch are
untrusted ports.
—
—
Required
By default, ARP attack detection is
disabled on all ports.
—
—