3com WX3000 Manuel D’Utilisation
1-6
To do…
Use the command…
Remarks
Enable the ARP entry
checking function (that
is, disable the device
from learning ARP
entries with multicast
MAC addresses)
checking function (that
is, disable the device
from learning ARP
entries with multicast
MAC addresses)
arp check enable
Optional
By default, the ARP entry checking
function is enabled.
function is enabled.
z
Static ARP entries are valid as long as the device operates normally. But some operations, such as
removing a VLAN, or removing a port from a VLAN, will make the corresponding ARP entries
invalid and therefore removed automatically.
z
As for the arp static command, the value of the vlan-id argument must be the ID of an existing
VLAN, and the port identified by the interface-type and interface-number arguments must belong to
the VLAN.
z
Currently, static ARP entries cannot be configured on the ports of an aggregation group.
Configuring ARP Attack Detection
Follow these steps to configure the ARP attack detection function:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enable DHCP snooping
dhcp-snooping
Required
By default, the DHCP snooping
function is disabled.
function is disabled.
Enter Ethernet port view
interface interface-type
interface-number
interface-number
—
Specify the current port as a
trusted port
trusted port
dhcp-snooping trust
Required
By default, after DHCP
snooping is enabled, all ports of
a device are untrusted ports.
snooping is enabled, all ports of
a device are untrusted ports.
Quit to system view
quit
—
Enter VLAN view
vlan vlan-id
—
Enable the ARP attack
detection function
detection function
arp detection enable
Required
By default, ARP attack
detection is disabled on all
ports.
detection is disabled on all
ports.
Quit to system view
quit
—
Enter Ethernet port view
interface interface-type
interface-number
interface-number
—
Configure the port as an ARP
trusted port
trusted port
arp detection trust
Optional
By default, a port is an
untrusted port.
untrusted port.