Port Classes

Enabling anti-spoofing at both the global and port level causes frames to be snooped, but it does not necessarily result in any action being taken on IP address binding violations. For that, port classes must be defined and ports added to the appropriate port class. Port classes are configured with thresholds and actions, and potentially an action value. Currently, up to 3 port classes can be configured on the switch.

Up to 6 thresholds can be configured per port class, and each threshold can be assigned one of the following actions: sending SYSLOG messages, sending SNMP notifications (traps), or applying the quarantine policy profile. Only the quarantine action can have an action value applied, which is the quarantine profile index. The quarantine profile must be configured independently, and no error checking occurs to ensure the policy profile is present.

Each port can be configured with a single class. If you only have a single anti-spoofing detection type enabled on the port, DHCP snooping for example, the class thresholds and actions can be set for that anti-spoofing detection type. If multiple anti-spoofing types are enabled on a port, DHCP snooping and dynamic ARP inspection for example, the class thresholds and actions must take into account any combination of anti-spoofing events for the configured anti-spoofing types.

If the quarantine action is specified, Extreme Networks highly recommends that you associate a valid quarantine profile with the quarantine action. Refer to the chapter entitled “Policy Configuration” in this book for information about configuring policy profiles and the chapter “Authentication Configuration” for information about using quarantine policies with the quarantine agent.
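Because the switch does not verify that a quarantine profile index refers to an existing policy profile, a planned port-class layout can be checked offline before it is entered. The following is an added example, not Extreme Networks code: the function name, data layout, and sample values are assumptions, while the limits (3 classes, 6 thresholds, three action types, action value only for quarantine) come from the text above.

```python
# Added example: lint a planned anti-spoofing port-class layout before deployment.
# Limits and action types come from the text; names and data layout are assumptions.
MAX_CLASSES = 3
MAX_THRESHOLDS = 6
ACTIONS = {"syslog", "trap", "quarantine"}


def lint_port_classes(classes, port_to_class, policy_profiles):
    """classes: {class_id: [(threshold, action, action_value_or_None), ...]}
    port_to_class: {port: class_id} (a dict, so one class per port)
    policy_profiles: set of policy profile indexes that exist on the switch
    Returns a list of human-readable findings; empty means no problems found."""
    findings = []
    if len(classes) > MAX_CLASSES:
        findings.append(f"{len(classes)} classes defined, limit is {MAX_CLASSES}")
    for cid, thresholds in sorted(classes.items()):
        if len(thresholds) > MAX_THRESHOLDS:
            findings.append(f"class {cid}: {len(thresholds)} thresholds, limit is {MAX_THRESHOLDS}")
        for value, action, action_value in thresholds:
            where = f"class {cid} threshold {value}"
            if action not in ACTIONS:
                findings.append(f"{where}: unknown action {action!r}")
            elif action != "quarantine":
                if action_value is not None:
                    findings.append(f"{where}: {action} cannot take an action value")
            elif action_value is None:
                findings.append(f"{where}: quarantine has no profile index")
            elif action_value not in policy_profiles:
                # The switch does not check this, so catch it here.
                findings.append(f"{where}: quarantine profile {action_value} is not configured")
    for port, cid in sorted(port_to_class.items()):
        if cid not in classes:
            findings.append(f"port {port}: assigned to undefined class {cid}")
    return findings


# Constructed sample plan (threshold values, port names and indexes are made up).
SAMPLE_CLASSES = {
    1: [(5, "syslog", None), (10, "trap", None), (20, "quarantine", 4)],
    2: [(3, "quarantine", 9), (8, "trap", 2)],
}
SAMPLE_PORTS = {"ge.1.1": 1, "ge.1.2": 2, "ge.1.3": 3}
SAMPLE_PROFILES = {1, 4}

if __name__ == "__main__":
    for finding in lint_port_classes(SAMPLE_CLASSES, SAMPLE_PORTS, SAMPLE_PROFILES):
        print(finding)
```

The set of existing policy profile indexes has to be gathered from the switch's policy configuration separately and passed in as `policy_profiles`.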