Basic Concepts; Network Port; Operation Modes - HP 3600 v2 Series Security Configuration Manual
Hide thumbs
Also See for 3600 v2 Series:
- Command reference manual (510 pages) ,
- Configuration manual (449 pages) ,
- Installation manual (62 pages)
Table of Contents
Advertisement
NOTE:
For more information about DHCP snooping, see
•
•
For more information about ARP snooping, see
For more information about IP source guard, see the chapter "IP source guard configuration."
•
For more information about ARP detection, see the chapter "ARP attack protection configuration."
•
For more information about VLAN mappings, see
•
An MFF-enabled device and a host cannot ping each other.
•
Basic concepts
A device with MFF enabled provides two types of ports: user port and network port.
User port
An MFF user port is directly connected to a host and processes the following packets differently:
Allows DHCP packets and multicast packets to pass.
•
Delivers ARP packets to the CPU.
•
•
After learning gateways' MAC addresses, a user port allows only the unicast packets with the
gateways' MAC addresses as the destination MAC addresses to pass. If no gateways' MAC
addresses are learned, a user port discards all received unicast packets.
Network port
An MFF network port is connected to a networking device, such as an access switch, a distribution switch
or a gateway. A network port processes the following packets differently:
Allows multicast packets and DHCP packets to pass.
•
Delivers ARP packets to the CPU.
•
•
Denies broadcast packets.
NOTE:
You need to configure the following ports as network ports: upstream ports connected to a gateway,
•
ports connected to the downstream MFF devices in a cascaded network (a network with multiple MFF
devices connected to one another), and ports between devices in a ring network.
A network port is not always an upstream port.
•
If you enable MFF for a VLAN, each port in the VLAN must be an MFF network or user port.
•
•
Link aggregation is supported by network ports in an MFF-enabled VLAN, but is not supported by user
ports in the VLAN. You can add network ports to link aggregation groups, but cannot add user ports to
link aggregation groups. For more information about link aggregation, see
Configuration Guide
Operation modes
Manual mode
The manual mode applies to the case where IP addresses are statically assigned to the hosts, and the
hosts cannot obtain the gateway information through DHCP. A VLAN maintains only the MAC address
of the default gateway.
.
362
Layer 3—IP Services Configuration Guide
Layer 3—IP Services Configuration Guide
Layer 2—LAN Switching Configuration Guide
.
.
.
Layer 2—LAN Switching
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
