Arp Configuration Examples; Arp Basic Configuration Example; Arp Attack Detection Configuration Example - H3C S5100-SI Operation Manual
Ethernet switches
Hide thumbs
Also See for H3C S5100-SI:
- Operation manual (934 pages) ,
- Installation manual (104 pages) ,
- Quick start manual (78 pages)
Table of Contents
Advertisement
To do...
Display the statistics about the
untrusted ARP packets
dropped by the specified port
Display the setting of the ARP
aging timer
Clear specific ARP entries
ARP Configuration Examples
ARP Basic Configuration Example
Network requirements
Disable ARP entry check on the switch.
Set the aging time for dynamic ARP entries to 10 minutes.
Add a static ARP entry, with the IP address being 192.168.1.1, the MAC address being
000f-e201-0000, and the outbound port being GigabitEthernet 1/0/10 of VLAN 1.
Configuration procedure
<Sysname> system-view
[Sysname] undo arp check enable
[Sysname] arp timer aging 10
[Sysname] arp static 192.168.1.1 000f-e201-0000 1 GigabitEthernet1/0/10
ARP Attack Detection Configuration Example
Network requirements
As shown in
Figure
1/0/2 connects to Client A, GigabitEthernet 1/0/3 connects to Client B. GigabitEthernet 1/0/1,
GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3 belong to VLAN 1.
Enable DHCP snooping on Switch A and specify GigabitEthernet 1/0/1 as the DHCP snooping
trusted port.
Enable ARP attack detection in VLAN 1 to prevent ARP man-in-the-middle attacks, and specify
GigabitEthernet 1/0/1 as the ARP trusted port.
Use the command...
display arp detection
statistics interface
interface-type interface-number
display arp timer aging
reset arp [ dynamic | static |
interface interface-type
interface-number ]
1-4, GigabitEthernet 1/0/1 of Switch A connects to DHCP Server; GigabitEthernet
Available in user view
1-8
Remarks
Advertisement
Chapters
Table of Contents
Troubleshooting
