3com 5500-ei pwr Instruccion De Instalación

 

2-7 

Specify the current port as a 
trusted port  

Optional 

After DHCP snooping is 
enabled, you need to configure 
the upstream port connected to 
the DHCP server as a trusted 
port. 

Configure the port as an ARP 
trusted port 

Optional 

By default, a port is an ARP 
untrusted port. 

Generally, the upstream port of 
a switch is configured as a 
trusted port. 

Quit to system view 

— 

Enter VLAN view 

vlan vlan-id 

— 

Enable the ARP attack 
detection function 

Required 

By default, ARP attack 
detection is disabled on all 
ports. 

Enable ARP restricted 
forwarding 

Optional 

Disabled by default. 

 

z 

When most clients acquire IP addresses through DHCP and some clients use static IP addresses, 

you need to enable DHCP snooping and configure static IP binding entries on the switch. These 

functions can cooperate with ARP attack detection to check the validity of packets. 

z 

You need to use ARP attack detection based on authenticated 802.1x clients together with 

functions of both MAC-based 802.1x authentication and ARP attack detection. 

z 

Currently, the VLAN ID of an IP-to-MAC binding configured on a port of an S5500-EI series 

Ethernet switch is the same as the default VLAN ID of the port. If the VLAN tag of an ARP packet is 

different from the default VLAN ID of the receiving port, the ARP packet cannot pass the ARP 

attack detection based on the IP-to-MAC bindings. 

z 

Before enabling ARP restricted forwarding, make sure you have enabled ARP attack detection and 

configured ARP trusted ports. 

z 

You are not recommended to configure ARP attack detection on the ports of an aggregation group. 

 

Follow these steps to configure the ARP packet rate limit function: 

Enter system view 

system-view 

— 

Enter Ethernet port view 

interface interface-type 
interface-number 

—