User's Manual
332
44.1.5 Enabling/Disabling Binding Table Fast Update Function
This function is disabled by default. When this function is disabled and a port has been bound to client A, the
DHCP request of the same MAC address on other ports will be regarded as a fake MAC attack even if client
A is off line.
When this function is enabled, the above-mentioned case will not occur.
It is recommended to use this function in case that a client frequently changes its port and address lease,
distributed by DHCP server, cannot be modified to a short period of time.
Command Operation
ip dhcp-relay snooping
rapid-refresh-bind
Enables the fast update function of the binding table.
no ip dhcp-relay snooping
rapid-refresh-bind
Disables the fast update function of the binding table.
44.1.6 Enabling DAI in a VLAN
When dynamic ARP monitoring is conducted in all physical ports of a VLAN, a received ARP packet will be
rejected if the source MAC address and the source IP address of this packet do not match up with the
configured MAC-IP binding relationship. The binding relationship on an interface can be dynamically bound by
DHCP or configured manually. If no MAC addresses are bound to IP addresses on a physical interface, the
switch rejects forwarding all ARP packets.
Command Operation
ip arp inspection vlan vlanid
Enables dynamic ARP monitoring on all distrusted ports in
a VLAN.
no ip arp inspection vlan
vlanid
Disables dynamic ARP monitoring on all distrusted ports in
a VLAN.
44.1.7 Setting an Interface to an ARP-Trusting Interface
ARP monitoring is not enabled on those trusted interfaces. The interfaces are distrusted ones by default.
Run the following commands in interface configuration mode.
Command Operation
arp inspection trust
Setting an Interface to an ARP-
Trusting Interface
no arp inspection trust
Resumes an interface to an ARP-
distrusting interface.
44.1.8 Enabling Source IP Address Monitoring in a VLAN
After source IP address monitoring is enabled in a VLAN, IP packets received from all physical ports in the