3Com 4500G Family Configuration Manual page 779

To do...
Enter Ethernet interface
view
Configure the port as a
trusted port
Return to system view
Specify an ARP attack
detection mode
Configure a static
IP-to-MAC binding for ARP
detection
During the DHCP assignment process, when the client receives the DHCP-ACK message from the
DHCP server, it broadcasts a gratuitous ARP packet to detect address conflicts. If no response is
received in a pre-defined time period, the client uses the assigned IP address. If the client is enabled
with ARP detection based on 802.1X security entries, the IP address is not uploaded to the 802.1X
device before the client uses the IP address. As a result, the gratuitous ARP packet is considered to be
an attack packet and is discarded, and thus cannot detect conflicts. After the client uploads its IP
address to the 802.1X device, subsequent ARP packets sent by the client are considered to be valid
and are allowed to travel through.
Use the command...
interface interface-type
interface-number
arp detection trust
quit
arp detection mode
{ dhcp-snooping | dot1x |
static-bind }
arp detection mode
{ dhcp-snooping | dot1x |
static-bind }*
arp detection static-bind
ip-address mac-address
1-8
Remarks
—
Optional
The port is an untrusted port by
default.
—
Required
Use this command on software
version 3Com 4500G V05.02.00P19
No ARP attack detection mode is
specified by default; that is, all packets
are considered to be invalid by default.
Required
Use this command on software
version 3Com 4500G V05.02.00
No ARP attack detection mode is
specified by default; that is, all packets
are considered to be invalid by default.
Optional
Not configured by default.
If the ARP attack detection mode is
static-bind, you need to configure
static IP-to-MAC bindings for ARP
detection.