R3303-HP HSR6800 Routers Security Configuration Guide
44
# Configure the upstream port as an ARP-trusted port (a port is an untrusted port by default).
[RouterB-vlan10] interface gigabitethernet 3/0/3
[RouterB-GigabitEthernet3/0/3] port link-mode bridge
[RouterB-GigabitEthernet3/0/3] arp detection trust
[RouterB-GigabitEthernet3/0/3] quit
After the configurations are completed, ARP packets received on interfaces GigabitEthernet
3/0/1 and GigabitEthernet 3/0/2 are checked against 802.1X entries.
User validity check and ARP packet validity check
configuration example
Network requirements
As shown in Figure 141,
• Configure the DHCP server on Router A.
• Configure DHCP snooping on Router B.
• Configure a static IP source guard binding entry for Host B on Router B.
• Enable ARP detection and ARP packet validity check in VLAN 10.
Figure 141 Network diagram
Configuration procedure
1. Add all ports on Router B to VLAN 10, and configure the IP address of VLAN-interface 10 on
Router A. (Details not shown.)
2. Configure Router A as a DHCP server:
<RouterA> system-view
[RouterA] dhcp enable
[RouterA] dhcp server ip-pool 0
[RouterA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0
3. Configure the DHCP client on Host A and Host B. (Details not shown.)
4. Configure Router B: