ARP packet checking against the binding table on S series switches

16

On S series switches (except S1700 switches), run the arp anti-attack check user-bind enable command in an interface view or the VLAN view to enable ARP packet checking against the binding table.
After the preceding configuration, the device checks whether the ARP packets passing through an interface or a VLAN match the binding table. Only the ARP packets match the binding table are forwarded. This function prevents ARP packets from unauthorized users from entering the external network through the switch and protects authorized users against interference or spoofing.

Other related questions:
Types of packets checked by S series switches with IPSG enabled
For S series switches (except S1700 switches), IPSG takes effect only for IP packets (except DHCP packets) but not for packets of other types such as ARP or PPPoE. With IPSG enabled, an S series switch checks only IPv4 packets in versions earlier than V200R001 and checks all IPv4 and IPv6 packets in V200R001 and later versions.

Check binding tables for IPSG on S series switches
You can check binding tables for IPSG on S series switches (except S1700 switches) as follows: 1. Run the display dhcp static user-bind all command to check static binding entries. 2. Run the display dhcp snooping user-bind all command to check dynamic DHCP snooping binding entries.

Specifications of IPSG table entries on S series switches
Hi, I cannot answer this question. For details about product specifications, click http://e.huawei.com/en/service-hotline to look up the contact method of your local customer service engineers.

Options in binding tables configured for IPSG on S series switches
Options in binding tables configured for IPSG on S series switches (except S1700 switches) include the following: With IPSG enabled, an S series switch (except the S1700) checks IP packets against options in a binding table, which can be combinations of source IP addresses, source MAC addresses, VLANs, and interfaces. The following bindings can be configured in an interface view: Interface and IP address Interface and MAC address Interface, IP address, and MAC address Interface, IP address, and VLAN Interface, MAC address, and VLAN Interface, IP address, MAC address, and VLAN The following bindings can be configured in a VLAN view: VLAN and IP address VLAN and MAC address VLAN, IP address, and MAC address VLAN, IP address, and interface VLAN, MAC address, and interface VLAN, IP address, MAC address, and interface

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top