H3C Technologies H3C WX3000 Series Unified Switches User Manual

39-9

Figure 40-4

ARP attack detection configuration

GE1/0/3

Client B

GE1/0/2

Client A

DHCP Server

Switch A
DHCP Snooping

GE1/0/1

Configuration procedure

# Enable DHCP snooping on Switch A.

<SwitchA> system-view

[SwitchA] dhcp-snooping

# Specify GigabitEthernet 1/0/1 as the DHCP snooping trusted port and the ARP trusted port.

[SwitchA] interface gigabitethernet 1/0/1

[SwitchA-GigabitEthernet1/0/1] dhcp-snooping trust

[SwitchA-GigabitEthernet1/0/1] arp detection trust

[SwitchA-GigabitEthernet1/0/1] quit

# Enable ARP attack detection on all ports in VLAN 1.

[SwitchA] vlan 1

[SwitchA-vlan1] arp detection enable