3com 5500-ei pwr Guía De Referencia

 

2-2 

Use the arp detection enable command to enable the ARP attack detection function on all ports in the 

specified VLAN. When receiving an ARP packet from a port in this VLAN, the switch will check the 

source IP address, source MAC address, number of the receiving port, and the VLAN of the port. If the 

mapping of the source IP address and source MAC address is not included in the DHCP snooping 

entries or IP static binding entries, or the number of the receiving port and the VLAN of the port do not 

match the DHCP snooping entries or IP static binding entries, the ARP packet will be discarded. 

Use the undo arp detection enable command to disable the ARP attack detection function on all ports 

in the specified VLAN.  

By default, ARP attack detection is disabled on the switch. 

# Enable ARP attack detection on all ports in VLAN 1. 

<Sysname> system-view 

System View: return to User View with Ctrl+Z. 

[Sysname] vlan 1 

[Sysname-vlan1] arp detection enable 

undo arp detection trust 

Ethernet port view 

None 

Use the arp detection trust command to specify the current port as a trusted port, that is, ARP packets 

received on this port are regarded as legal ARP packets and will not be checked.  

Use the undo arp detection trust command to specify the current port as an untrusted port in ARP 

detection.  

By default, a port is an untrusted port in ARP detection.  

# Specify Ethernet 1/0/11 as the trusted port in ARP detection. 

<Sysname> system-view 

System View: return to User View with Ctrl+Z. 

[Sysname] interface Ethernet 1/0/11 

[Sysname-Ethernet1/0/11] arp detection trust