To Next Page

To Previous Page

381

Configuration guideliens

Follow these guidelines when you configure user validity check:

• Static IP source guard binding entries are created by using the ip source binding command. For

more information, see "Configuring IP source guard."

• Dy

namic DHCP snooping entries are automatically generated by DHCP snooping. For more

information, see Layer 3—IP Services Configuration Guide.

• 802.1X security entries are generated by 802.1X. After a client passes 802.1X authentication and

uploads its IP address to an ARP detection enabled device, the device automatically generates an

802.1X security entry. Therefore, the 802.1X client must be able to upload its IP address to the device.

For more information, see "Configuring 802.1X."

• At least the configured rules, static IP source guard binding entries, DHCP snooping entries, or

802.1X security entries must be available for user validity check. Otherwise, ARP packets received

from ARP untrusted ports will be discarded, except the ARP packets with an OUI MAC address as

the sender MAC address when voice VLAN is enabled.

• You must specify a VLAN for an IP source guard binding entry. Otherwise, no ARP packets can

match the IP source guard binding entry.

Configuration procedure

To configure user validity check:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Set rules for user validity

check.

arp detection id-number { permit |

deny } ip { any | ip-address

[ ip-address-mask ] } mac { any |

mac-address [ mac-address-mask ] }

[ vlan vlan-id ]

Optional.

By default, no rule is configured.

3. Enter VLAN view.

vlan vlan-id N/A

4. Enable ARP detection for the

VLAN.

arp detection enable

ARP detection based on static IP

source guard binding

entries/DHCP snooping

entries/802.1X security

entries/OUI MAC addresses is

disabled by default.

5. Return to system view.

quit N/A

6. Enter Layer 2 Ethernet

interface/Layer 2 aggregate

interface view.

interface interface-type

interface-number

N/A

7. Configure the port as a

trusted port on which ARP

detection does not apply.

arp detection trust

Optional.

The port is an untrusted port by

default.

Configuring ARP packet validity check

Perform this task to enable validity check for ARP packets received on untrusted ports and specify the

following objects to be checked.

Brand	HP
Model	3600 v2 Series
Category	Switch
Language	English

HP 3600 v2 Series Configuration Guide

Table of Contents

Other manuals for HP 3600 v2 Series

Questions and Answers:

HP 3600 v2 Series Specifications

Related product manuals