User validity check and ARP packet validity check
configuration example
Network requirements
As shown in
based on static IP source guard binding entries and DHCP snooping entries for connected hosts.
Figure 70 Network diagram
Switch A
DHCP snooping
Switch B
XGE1/0/1
Host A
DHCP client
Configuration procedure
1.
Add all the interfaces on Switch B to VLAN 10, and configure the IP address of VLAN-interface 10
on Switch A. (Details not shown.)
2.
Configure the DHCP server on Switch A, and configure DHCP address pool 0.
<SwitchA> system-view
[SwitchA] dhcp enable
[SwitchA] dhcp server ip-pool 0
[SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0
3.
Configure Host A (DHCP client) and Host B. (Details not shown.)
4.
Configure Switch B:
# Enable DHCP snooping.
<SwitchB> system-view
[SwitchB] dhcp snooping enable
[SwitchB] interface ten-gigabitethernet 1/0/3
[SwitchB-Ten-GigabitEthernet1/0/3] dhcp snooping trust
[SwitchB-Ten-GigabitEthernet1/0/3] quit
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] dhcp snooping binding record
[SwitchB-Ten-GigabitEthernet1/0/1] quit
# Enable ARP detection for VLAN 10.
[SwitchB] vlan 10
Figure
70, configure Switch B to perform ARP packet validity check and user validity check
Gateway
DHCP server
XGE1/0/3
Vlan-int10
10.1.1.1/24
VLAN 10
XGE1/0/3
XGE1/0/2
Host B
10.1.1.6
0001-0203-0607
221