Configuring arp attack detection – H3C Technologies H3C S3100 Series Switches User Manual

Page 490


| Operation | Command | Remarks |
|---|---|---|
| Configure the ARP aging timer | arp timer aging aging-time | Optional. By default, the ARP aging timer is set to 20 minutes. |
| Enable the ARP entry checking function (that is, disable the switch from learning ARP entries with multicast MAC addresses) | arp check enable | Optional. By default, the ARP entry checking function is enabled. |

- Static ARP entries are valid as long as the Ethernet switch operates normally. However, some operations, such as removing a VLAN or removing a port from a VLAN, make the corresponding ARP entries invalid, and those entries are then removed automatically.

- For the arp static command, the value of the vlan-id argument must be the ID of an existing VLAN, and the port identified by the interface-type and interface-number arguments must belong to that VLAN.

- Currently, static ARP entries cannot be configured on the ports of an aggregation group.
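The following Python model is an added example, not H3C code or the switch's implementation. It illustrates the behaviour described in the table and notes above: the aging timer, the ARP entry check, and the constraints on static entries. The class and function names, the port names, the addresses and the minute-based clock are all constructed for illustration.

```python
from dataclasses import dataclass

def is_multicast_mac(mac: str) -> bool:
    """True when the group (I/G) bit, the lowest bit of the first octet, is set."""
    digits = "".join(c for c in mac if c.isalnum())
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return bool(int(digits[:2], 16) & 0x01)

@dataclass
class Entry:
    mac: str
    vlan: int
    port: str
    static: bool
    learned_at: float = 0.0  # minutes on the model clock

class ArpTable:
    def __init__(self, vlans, aggregated=(), aging_min=20, check_enabled=True):
        self.vlans = {v: set(p) for v, p in vlans.items()}  # vlan-id -> member ports
        self.aggregated = set(aggregated)   # ports in an aggregation group
        self.aging_min = aging_min          # page default: 20 minutes
        self.check_enabled = check_enabled  # page default: enabled
        self.entries = {}                   # ip -> Entry

    def learn(self, ip, mac, vlan, port, now):
        """Dynamic learning from an ARP packet; False means nothing was learned."""
        if self.check_enabled and is_multicast_mac(mac):
            return False  # ARP entry check: multicast MAC is not learned
        if ip in self.entries and self.entries[ip].static:
            return False  # assumption: a static entry is not overwritten
        self.entries[ip] = Entry(mac, vlan, port, False, now)
        return True

    def add_static(self, ip, mac, vlan, port):
        if vlan not in self.vlans:
            raise ValueError("vlan-id must be the ID of an existing VLAN")
        if port not in self.vlans[vlan]:
            raise ValueError("port must belong to the VLAN")
        if port in self.aggregated:
            raise ValueError("aggregation group ports cannot carry static ARP entries")
        self.entries[ip] = Entry(mac, vlan, port, True)

    def remove_vlan(self, vlan):
        """Removing a VLAN invalidates its entries (the page states this for static ones)."""
        self.vlans.pop(vlan, None)
        self.entries = {ip: e for ip, e in self.entries.items() if e.vlan != vlan}

    def lookup(self, ip, now):
        e = self.entries.get(ip)
        if e and not e.static and now - e.learned_at >= self.aging_min:
            del self.entries[ip]  # dynamic entry aged out
            return None
        return e.mac if e else None
```
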

Configuring ARP Attack Detection

Among the S3100 series Ethernet switches, only the S3100-EI series supports the ARP attack detection function.

Table 1-5 Configure the ARP attack detection function

| Operation | Command | Remarks |
|---|---|---|
| Enter system view | system-view | - |
| Enable DHCP snooping | dhcp-snooping | Required. By default, the DHCP snooping function is disabled. |
| Enter Ethernet port view | interface interface-type interface-number | - |
| Specify the current port as a trusted port | dhcp-snooping trust | Required. By default, after DHCP snooping is enabled, all ports of a switch are untrusted ports. |
| Quit to system view | quit | - |
| Enter VLAN view | vlan vlan-id | - |
