[SwitchB-GigabitEthernet1/0/3] quit
After the configurations are completed, ARP packets received on interfaces GigabitEthernet
1/0/1 and GigabitEthernet 1/0/2 are checked against 802.1X entries.
User validity check and ARP packet validity check
configuration example
Network requirements
As shown in
check based on static IP source guard binding entries and DHCP snooping entries for connected
hosts.
Figure 129 Network diagram
Configuration procedure
1.
Add all interfaces on Switch B to VLAN 10, and specify the IP address of VLAN-interface 10 on
Switch A. (Details not shown.)
2.
Configure the DHCP server on Switch A, and configure DHCP address pool 0.
<SwitchA> system-view
[SwitchA] dhcp enable
[SwitchA] dhcp server ip-pool 0
[SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0
3.
Configure Host A (DHCP client) and Host B. (Details not shown.)
4.
Configure Switch B:
# Enable DHCP snooping.
<SwitchB> system-view
[SwitchB] dhcp snooping enable
[SwitchB] interface gigabitethernet 1/0/3
[SwitchB-GigabitEthernet1/0/3] dhcp snooping trust
[SwitchB-GigabitEthernet1/0/3] quit
# Enable recording of client information in DHCP snooping entries on GigabitEthernet 1/0/1.
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] dhcp snooping binding record
Figure
129, configure Switch B to perform ARP packet validity check and user validity
442