3com 5500-ei pwr Installation Instruction
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter Ethernet port view | interface interface-type interface-number | — |
| Configure ARP packet filtering based on the gateway’s IP address | arp filter source ip-address | Required. Not configured by default. |
Follow these steps to configure ARP packet filtering based on gateway’s IP and MAC address:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter Ethernet port view | interface interface-type interface-number | — |
| Configure ARP packet filtering based on the gateway’s IP and MAC addresses | arp filter binding ip-address mac-address | Required. Not configured by default. |
The arp filter source and arp filter binding commands are mutually exclusive on an Ethernet port.
That is, you can only configure ARP packet filtering based on gateway’s IP address, or based on
gateway’s IP and MAC addresses on an Ethernet port. Generally, ARP packet filtering based on
gateway's IP address is configured on the switch's port directly connected to a host, and ARP packet
filtering based on gateway's IP and MAC addresses is configured on the cascaded port or upstream
port.
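The placement guidance above can be checked against a saved configuration. The following is an added example, not part of the 3Com manual: the function names, the "#"-separated configuration layout, the port names and all addresses are assumptions, and the list of uplink ports is supplied by the operator.

```python
import re

# Constructed sample (made-up addresses); assumed layout: "#"-separated interface blocks.
SAMPLE_CONFIG = """\
interface Ethernet1/0/1
 arp filter source 192.168.1.1
#
interface Ethernet1/0/2
#
interface Ethernet1/0/3
 arp filter binding 192.168.1.1 000f-e200-0001
#
interface GigabitEthernet1/1/1
 arp filter binding 192.168.1.1 000f-e200-0001
#
interface GigabitEthernet1/1/2
 arp filter binding 192.168.1.1 000f-e200-00ff
#
"""
FILTER_RE = re.compile(r"^arp filter (source|binding) (\S+)(?: (\S+))?$")

def parse_filters(config_text):
    """Map each interface name to its list of (mode, ip, mac) filter entries."""
    ports, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            ports[current] = []
        elif line == "#":
            current = None
        elif current and (m := FILTER_RE.match(line.lower())):
            ports[current].append(m.groups())
    return ports

def audit(config_text, uplinks, gw_ip, gw_mac):
    """Return {port: finding} for ports that deviate from the placement guidance."""
    findings = {}
    for port, filters in parse_filters(config_text).items():
        want = ("binding", gw_ip, gw_mac.lower()) if port in uplinks else ("source", gw_ip, None)
        if not filters:
            findings[port] = "no ARP filter configured"
        elif len(filters) > 1:
            findings[port] = "more than one ARP filter entry"
        elif filters[0][0] != want[0]:
            findings[port] = f"uses '{filters[0][0]}', expected '{want[0]}'"
        elif filters[0] != want:
            findings[port] = "filter does not match the expected gateway address"
    return findings
```

Because the manual says "generally", a host-facing port reported as using `binding` is a deviation to review, not necessarily an error.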
Configuring ARP Attack Detection
Follow these steps to configure the ARP attack detection function:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Create a static binding | ip source static binding ip-address ip-address [ mac-address mac-address ] | Required. Use at least one of the commands. By default, no IP static binding is created, and the DHCP snooping function and ARP attack detection based on authenticated 802.1x clients are disabled. |
| Enable DHCP snooping | dhcp-snooping | Same as above. |
| Enable ARP attack detection based on IP-to-MAC bindings of authenticated 802.1x clients | ip source static import dot1x | Same as above. |
| Enter Ethernet port view | interface interface-type interface-number | — |