Configuration Prerequisites; Enabling Dhcp Snooping; Enabling Arp Detection In Svlans; Configuring An Uplink Policy - H3C S3600V2 SERIES Layer 2-Lan Switching Configuration Manual

Task
Configuring the network-side port

Configuration prerequisites

Before configuring many-to-one VLAN mapping:
• Make sure that all home users obtain IP addresses through DHCP. For how to assign IP addresses
through DHCP, see Layer 3—IP Services Configuration Guide.
Create CVLANs and SVLANs, and plan CVLANs-to-SVLAN mappings.
•

Enabling DHCP snooping

Step
1. Enter system view.
2. Enable DHCP snooping.

Enabling ARP detection in SVLANs

The ARP detection function enables a switch to modify the VLAN attributes of ARP packets, which is
impossible under the normal ARP packet processing procedure. For more information about ARP
detection, see Security Configuration Guide.
To enable ARP detection in all SVLANs:
Step
1. Enter system view.
2. Enter VLAN view.
3. Enable ARP detection.
NOTE:
To defend against ARP attacks, enable ARP detection also in all CVLANs.

Configuring an uplink policy

To configure an uplink policy to map a group of CVLANs to one SVLAN:
Step
1. Enter system view.
2. Create a class and enter class
view.
3. Configure multiple CVLANs
as match criteria.
Description
Configures VLAN and other settings required for many-to-one
VLAN mapping (required).
Command
system-view
dhcp-snooping
Command
system-view
vlan vlan-id
arp detection enable
Command
system-view
traffic classifier tcl-name operator
or
if-match customer-vlan-id { vlan-list
| vlan-id1 to vlan-id2 }
210
Remarks
N/A
Disabled by default.
Remarks
N/A
N/A
Disabled by default.
Remarks
N/A
Repeat these steps to configure one
class for each group of CVLANs.