Displaying And Maintaining Arp Detection; Arp Detection Configuration Example I - H3C S5120-SI Series Configuration Manual

•
ip: Checks both the source and destination IP addresses in an ARP packet. The all-zero, all-one or
multicast IP addresses are considered invalid and the corresponding packets are discarded. With
this object specified, the source and destination IP addresses of ARP replies, and the source IP
address of ARP requests are checked.
Before performing the following configuration, make sure you have configured the arp detection
enable command.
To configure ARP detection based on specified objects:
To do...
1. Enter system view
2. Specify objects for ARP
detection
If they are both enabled, ARP detection based on specified objects applies first, followed by ARP detection based
on static IP-to-MAC bindings/DHCP snooping entries/802.1X security entries.

Displaying and maintaining ARP detection

To do...
1. Display the VLANs enabled
with ARP detection
2. Display the ARP detection
statistics
3. Clear the ARP detection
statistics

ARP detection configuration example I

Network requirements
As shown in Figure 5:
•
Enable DHCP snooping on Switch A.
•
Configure Host A as a DHCP client.
•
Configure Host B whose IP address is 10.1.1.6 and MAC address is 0001-0203-0607.
•
Enable ARP detection for VLAN 10 to allow only packets from valid clients or hosts to pass.
Use the command...
system-view
arp detection validate { dst-mac | ip
| src-mac } *
Use the command...
display arp detection
display arp detection statistics [ interface
interface-type interface-number ]
reset arp detection statistics [ interface
interface-type interface-number ]
25
Remarks
—
Required
Not specified by default
Remarks
Available in any view
Available in any view
Available in user view