Manualsbrain.com
  1. Manuales
  2. Marcas
  3. 3com
  4. S7906E
  5. Instruccion De Instalación

3com S7906E Instruccion De Instalación

Descargar
Página de 2621
 
1-5 
To do… 
Use the command… 
Remarks 
Enter system view 
system-view 
— 
Enter Ethernet interface 
view 
interface interface-type 
interface-number 
— 
Configure ARP packet 
rate limit 
arp rate-limit { disable | rate 
pps drop } 
Required 
By default, the ARP packet rate limit 
is enabled and is 100 pps. 
 
Configuring ARP Detection 
Introduction 
The ARP detection feature is mainly configured on an access device to allow only the ARP packets of 
authorized clients to be forwarded, hence preventing user spoofing and gateway spoofing.  
ARP detection includes ARP detection based on specified objects, and ARP detection based on static 
IP source guard binding entries/DHCP snooping entries/802.1X security entries/OUI MAC addresses. 
 
 
If both the ARP detection based on specified objects and the ARP detection based on static IP Source 
Guard binding entries/DHCP snooping entries/802.1X security entries/OUI MAC addresses are 
enabled, the former one applies first, and then the latter applies. 
 
Configuring ARP Detection Based on Specified Objects 
With this feature configured, the device permits the ARP packets received from an ARP trusted port to 
pass directly, and checks the ARP packets received from an ARP untrusted port. You can specify 
objects in the ARP packets to be detected. The objects involve: 
src-mac: Checks whether the sender MAC address of an ARP packet is identical to the source 
MAC address in the Ethernet header. If they are identical, the packet is forwarded; otherwise, the 
packet is discarded. 
dst-mac: Checks the target MAC address of ARP replies. If the target MAC address is all-zero, 
all-one, or inconsistent with the destination MAC address in the Ethernet header, the packet is 
considered invalid and discarded. 
ip: Checks both the source and destination IP addresses in an ARP packet. The all-zero, all-one or 
multicast IP addresses are considered invalid and the corresponding packets are discarded. With 
this object specified, the source and destination IP addresses of ARP replies, and the source IP 
address of ARP requests are checked. 
Follow these steps to configure ARP detection based on specified objects: 
To do… 
Use the command… 
Remarks 
Enter system view 
system-view 
— 
Enter VLAN view 
vlan vlan-id 
—