3com 5500-ei pwr Instruccion De Instalación
![3com](https://files.manualsbrain.com/attachments/960452ff43b9899cbcffced60c87abf956e7967a/common/fit/150/50/f6ac125d7af2cf40fec58935fa6d4bf71457a57efe50bee91208a434f325/brand_logo.jpeg)
2-7
To do…
Use the command…
Remarks
Specify the current port as a
trusted port
trusted port
dhcp-snooping trust
Optional
After DHCP snooping is
enabled, you need to configure
the upstream port connected to
the DHCP server as a trusted
port.
enabled, you need to configure
the upstream port connected to
the DHCP server as a trusted
port.
Configure the port as an ARP
trusted port
trusted port
arp detection trust
Optional
By default, a port is an ARP
untrusted port.
untrusted port.
Generally, the upstream port of
a switch is configured as a
trusted port.
a switch is configured as a
trusted port.
Quit to system view
quit
—
Enter VLAN view
vlan vlan-id
—
Enable the ARP attack
detection function
detection function
arp detection enable
Required
By default, ARP attack
detection is disabled on all
ports.
detection is disabled on all
ports.
Enable ARP restricted
forwarding
forwarding
arp restricted-forwarding
enable
enable
Optional
Disabled by default.
z
When most clients acquire IP addresses through DHCP and some clients use static IP addresses,
you need to enable DHCP snooping and configure static IP binding entries on the switch. These
functions can cooperate with ARP attack detection to check the validity of packets.
z
You need to use ARP attack detection based on authenticated 802.1x clients together with
functions of both MAC-based 802.1x authentication and ARP attack detection.
z
Currently, the VLAN ID of an IP-to-MAC binding configured on a port of an S5500-EI series
Ethernet switch is the same as the default VLAN ID of the port. If the VLAN tag of an ARP packet is
different from the default VLAN ID of the receiving port, the ARP packet cannot pass the ARP
attack detection based on the IP-to-MAC bindings.
z
Before enabling ARP restricted forwarding, make sure you have enabled ARP attack detection and
configured ARP trusted ports.
z
You are not recommended to configure ARP attack detection on the ports of an aggregation group.
Configuring the ARP Packet Rate Limit Function
Follow these steps to configure the ARP packet rate limit function:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter Ethernet port view
interface interface-type
interface-number
interface-number
—