H3C Technologies H3C S12500-X Series Switches User Manual

228

314B

User validity check and ARP packet validity check
configuration example

539B

Network requirements

As shown in

933H

Figure 72

, configure Switch B to perform ARP packet validity check and user validity check

based on static IP source guard binding entries and DHCP snooping entries for connected hosts.

Figure 72 Network diagram

540B

Configuration procedure

1.

Add all interfaces on Switch B to VLAN 10, and specify the IP address of VLAN-interface 10 on

Switch A. (Details not shown.)

2.

Configure the DHCP server on Switch A, and configure DHCP address pool 0.

<SwitchA> system-view

[SwitchA] dhcp enable

[SwitchA] dhcp server ip-pool 0

[SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0

3.

Configure Host A (DHCP client) and Host B. (Details not shown.)

4.

Configure Switch B:
# Enable DHCP snooping.

<SwitchB> system-view

[SwitchB] dhcp snooping enable

[SwitchB] interface ten-gigabitethernet 1/0/3

[SwitchB-Ten-GigabitEthernet1/0/3] dhcp snooping trust

[SwitchB-Ten-GigabitEthernet1/0/3] quit

[SwitchB] interface ten-gigabitethernet 1/0/1

[SwitchB-Ten-GigabitEthernet1/0/1] dhcp snooping binding record

[SwitchB-Ten-GigabitEthernet1/0/1] quit

# Enable ARP detection for VLAN 10.

[SwitchB] vlan 10

Switch A

Switch B

Host A

Host B

XGE1/0/3
Vlan-int10
10.1.1.1/24

Gateway
DHCP server

XGE1/0/1

XGE1/0/3

XGE1/0/2

DHCP client

VLAN 10

DHCP snooping

10.1.1.6

0001-0203-0607