H3C Low-End Ethernet Switches Configuration ExamplesARP Attack Prevention Chapter 2 Configuration Examples2-7z You can configure an uplink port on a switch as trusted or untrusted to flexiblyimplement ARP attack detection for ARP requests and replies received on the port.The ARP packets received from an ARP trusted port are not detected, while theARP packets received from other ports are detected based on the DHCP snoopingtable and IP static bindings.z You are not recommended to configure ARP attack detection or ARP packet ratelimit on a port of an aggregation group.2.2 Configuration Example for ARP Attack Prevention inAuthentication Mode2.2.1 Network RequirementsIn a campus network as shown in the following figure, the hosts are connected to thegateway and servers through access switches. The administrator needs to configurethe gateway’s IP-to-MAC binding on the CAMS server for the clients to preventgateway spoofing attacks. The network requirements are as follows:z The hosts can be configured with IP addresses statically or obtain IP addressesthrough DHCP. You need to install 802.1x client software on the hosts so that thehosts need to pass 802.1x authentication before accessing the network.z The H3C CAMS server serves as an authentication, authorization, and accountingserver that provides the gateway’s IP-to-MAC binding to clients to preventgateway spoofing attacks.z You need to configure 802.1x and AAA on the access switches.