HP 5820X series Configuration Manual page 193

Enabling ARP detection in SVLANs
The ARP detection function enables a switch to modify the VLAN attributes of ARP packets, which is
impossible under the normal ARP packet processing procedure. For more information about ARP detection,
see the Security Configuration Guide.
To enable ARP detection in all SVLANs:
To do...
1. Enter system view
2. Enter VLAN view
3. Enable ARP detection
To defend against ARP attacks, enable ARP detection also in all CVLANs.
Configuring an uplink policy
To configure an uplink policy to map a group of CVLANs to one SVLAN:
To do...
1. Enter system view
2. Create a class and enter class
view
3. Configure multiple CVLANs
as match criteria
4. Return to system view
5. Create a traffic behavior and
enter traffic behavior view
6. Configure an SVLAN marking
action
7. Return to system view
8. Create a QoS policy and
enter QoS policy view
9. Map the CVLANs to the
SVLAN by associating the
class with the behavior
Configuring the customer-side port
To configure the customer-side port:
To do...
1. Enter system view
2. Enter Layer 2 Ethernet
interface view
3. Configure the port as a trunk
port
Use the command...
system-view
vlan vlan-id
arp detection enable
Use the command...
system-view
traffic classifier tcl-name operator
or
if-match customer-vlan-id { vlan-id-
list | vlan-id1 to vlan-id2 }
quit
traffic behavior behavior-name
remark service-vlan-id vlan-id
quit
qos policy policy-name
classifier tcl-name behavior
behavior-name mode dot1q-tag-
manipulation
Use the command...
system-view
interface interface-type interface-
number
port link-type trunk
186
Remarks
—
––
Required
Disabled by default
Remarks
—
Required.
Repeat these steps to configure
one class for each group of
CVLANs.
Required.
Repeat these steps to configure
one behavior for each SVLAN.
Required.
Required.
Repeat this step to create other
CVLANs-to-SVLAN mappings.
Remarks
—
—
Required.
The default link type of an
Ethernet port is access.