H3C Low-End Ethernet Switches Configuration Examples
ARP Attack Prevention
1.3 Configuring ARP Attack Prevention
Table 1-2 Complete the following tasks to configure ARP attack prevention:
Task
—
Configure
DHCP
snooping
to record
client's
IP-to-MAC
bindings
Configure
an IP static
binding on
the
specified
port
Configure
ARP
attack
detection
to prevent
common
ARP
attacks
To do...
Enter system view
Enter Ethernet port
view
Configure the port
as a DHCP
snooping trusted
port
Return to system
view
Enable DHCP
snooping
Enter Ethernet port
view
Configure an IP
static binding entry
Return to system
view
Enter Ethernet port
view
Configure the port
as an ARP trusted
port
Return to system
view
Enter VLAN view
Enable ARP attack
detection
Return to system
view
1-7
Chapter 1 ARP Attack Prevention Overview
Use the command...
system-view
interface interface-type
interface-number
dhcp-snooping trust
quit
dhcp-snooping
interface interface-type
interface-number
ip source static binding
ip-address ip-address
[ mac-address
mac-address ]
quit
interface interface-type
interface-number
arp detection trust
quit
vlan vlan-id
arp detection enable
quit
Remarks
—
—
Required
By default, all the
ports on a switch
are DHCP
snooping untrusted
ports.
—
Required
Disabled by
default.
—
Optional
Not configured by
default.
—
—
Optional
By default, the port
is an ARP
untrusted port
—
—
Required
By default, ARP
attack detection is
disabled on all the
ports in the VLAN.
—