Operation Manual – ARPH3C S3100 Series Ethernet Switches Chapter 1 ARP Configuration1-131.5.2 ARP Attack Detection and Packet Rate Limit Configuration ExampleI. Network requirementsAs shown in Figure 1-4, Ethernet1/0/1 of Switch A (S3100-EI) connects to DHCPServer; Ethernet1/0/2 connects to Client A, Ethernet1/0/3 connects to Client B.Ethernet1/0/1, Ethernet1/0/2 and Ethernet1/0/3 belong to VLAN 1.z Enable DHCP snooping on Switch A and specify Ethernet1/0/1 as the DHCPsnooping trusted port.z Enable ARP attack detection in VLAN 1 to prevent ARP man-in-the-middle attacks,and specify Ethernet1/0/1 as the ARP trusted port.z Enable the ARP packet rate limit function on Ethernet1/0/2 and Ethernet1/0/3 ofSwitch A, so as to prevent Client A and Client B from attacking Switch A throughARP traffic.z Enable the port state auto recovery function on the ports of Switch A, and set therecovery interval to 200 seconds.II. Network diagramFigure 1-4 ARP attack detection and packet rate limit configurationIII. Configuration procedure# Enable DHCP snooping on Switch A. system-view[SwitchA] dhcp-snooping# Specify Ethernet1/0/1 as the DHCP snooping trusted port and the ARP trusted port.[SwitchA] interface Ethernet1/0/1[SwitchA-Ethernet1/0/1] dhcp-snooping trust[SwitchA-Ethernet1/0/1] arp detection trust[SwitchA-Ethernet1/0/1] quit