H3C S5600 Series Operation Manual page 663

Hide thumbs Also See for S5600 Series:

Operation manual (1278 pages)

Configuration (313 pages)

Operation manual (11 pages)

Table of Contents

[SwitchA] interface GigabitEthernet 1/0/2

[SwitchA-GigabitEthernet1/0/2] arp detection trust

[SwitchA-GigabitEthernet1/0/2] dhcp-snooping trust

# Configure GigabitEthernet 1/0/2 as an MFF network port.

[SwitchA-GigabitEthernet1/0/2] arp mac-forced-forwarding network-port

# Enable IP filtering on GigabitEthernet 1/0/1, add it to the port isolation group, and then configure it as

an MFF user port.

[SwitchA] interface GigabitEthernet 1/0/1

[SwitchA-GigabitEthernet1/0/1] port isolate

[SwitchA-GigabitEthernet1/0/1] ip check source ip-address

[SwitchA-GigabitEthernet1/0/1] arp mac-forced-forwarding user-port

[SwitchA-GigabitEthernet1/0/1] quit

# Enable IP filtering on GigabitEthernet 1/0/3, add it to the port isolation group, and then configure it as

an MFF user port.

[SwitchA] interface GigabitEthernet 1/0/3

[SwitchA-GigabitEthernet1/0/3] port isolate

[SwitchA-GigabitEthernet1/0/3] ip check source ip-address

[SwitchA-GigabitEthernet1/0/3] arp mac-forced-forwarding user-port

[SwitchA-GigabitEthernet1/0/3] quit

Configure Switch B.

# Enable DHCP snooping.

<SwitchB> system-view

[SwitchB] dhcp-snooping

# Enable ARP intrusion detection on VLAN 1.

[SwitchB] vlan 1

[SwitchB-vlan1] arp detection enable

# Enable MFF.

[SwitchB-vlan-1] arp mac-forced-forwarding auto

# Specify the IP address of the DHCP server.

[SwitchB-vlan-1] arp mac-forced-forwarding server 10.1.1.2

# Configure GigabitEthernet 1/0/2 as an ARP intrusion detection trusted port and an DHCP snooping

trusted port.

[SwitchB] interface GigabitEthernet 1/0/2

[SwitchB-GigabitEthernet1/0/2] arp detection trust

[SwitchB-GigabitEthernet1/0/2] dhcp-snooping trust

# Configure GigabitEthernet 1/0/2 as an MFF network port.

[SwitchB-GigabitEthernet1/0/2] arp mac-forced-forwarding network-port

# Enable IP filtering on GigabitEthernet 1/0/1, add it to the port isolation group, and then configure it as

an MFF user port.

[SwitchB] interface GigabitEthernet 1/0/1

[SwitchB-GigabitEthernet1/0/1] port isolate

[SwitchB-GigabitEthernet1/0/1] ip check source ip-address

[SwitchB-GigabitEthernet1/0/1] arp mac-forced-forwarding user-port

[SwitchB-GigabitEthernet1/0/1] quit

Configure Switch C.

# Enable DHCP snooping.

<SwitchC> system-view

Show Quick Links

Quick Links:
Audience

Chapters

Table of Contents

Troubleshooting

H3C S5600 Series Operation Manual page 663

Hide quick links:

Chapters

Troubleshooting

Related Manuals for H3C S5600 Series

Related Products for H3C S5600 Series

This manual is also suitable for:

Table of Contents