HP 3600 v2 Series Configuration Manual page 400

2. Configure DHCP address pool 0 on Switch A as a DHCP server.
<SwitchA> system-view
[SwitchA] dhcp enable
[SwitchA] dhcp server ip-pool 0
[SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0
3. Configure the DHCP client on Hosts A and B. (Details not shown.)
4. Configure Switch B.
# Enable DHCP snooping, and configure Ethernet 1/0/3 as a DHCP-trusted port.
<SwitchB> system-view
[SwitchB] dhcp-snooping
[SwitchB] interface ethernet 1/0/3
[SwitchB-Ethernet1/0/3] dhcp-snooping trust
[SwitchB-Ethernet1/0/3] quit
# Enable ARP detection.
[SwitchB] vlan 10
[SwitchB-vlan10] arp detection enable
# Configure Ethernet 1/0/3 as an ARP-trusted port.
[SwitchB-vlan10] interface ethernet 1/0/3
[SwitchB-Ethernet1/0/3] arp detection trust
[SwitchB-Ethernet1/0/3] quit
# Configure a static IP source guard binding entry on interface Ethernet 1/0/2.
[SwitchB] interface ethernet 1/0/2
[SwitchB-Ethernet1/0/2] ip source binding ip-address 10.1.1.6 mac-address 0001-0203-0607 vlan 10
[SwitchB-Ethernet1/0/2] quit
# Enable the checking of the MAC addresses and IP addresses of ARP packets.
[SwitchB] arp detection validate dst-mac ip src-mac
# Configure port isolation.
[SwitchB] interface ethernet 1/0/1
[SwitchB-Ethernet1/0/1] port-isolate enable
[SwitchB-Ethernet1/0/1] quit
[SwitchB] interface ethernet 1/0/2
[SwitchB-Ethernet1/0/2] port-isolate enable
[SwitchB-Ethernet1/0/2] quit
After the preceding configuration is complete, ARP packets received on interfaces Ethernet 1/0/1 and Ethernet 1/0/2 first have their MAC and IP addresses checked, are then checked against the static IP source guard binding entries, and are finally checked against the DHCP snooping entries. However, ARP broadcast requests sent from Host A can still pass these checks on Switch B and reach Host B, so port isolation fails.
# Configure ARP restricted forwarding.
[SwitchB] vlan 10
[SwitchB-vlan10] arp restricted-forwarding enable
[SwitchB-vlan10] quit
After this configuration, Switch B forwards ARP broadcast requests from Host A to Switch A through the trusted port Ethernet 1/0/3, so Host B cannot receive such packets. Port isolation works normally.
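
A simplified model of the ARP processing described above, added here as an example and not taken from the HP manual. It covers broadcast ARP requests in VLAN 10 only; Host A's address, its attachment to Ethernet 1/0/1, and the exact meaning given to the src-mac and ip checks are assumptions.

```python
import ipaddress
from dataclasses import dataclass

TRUSTED = {"Ethernet1/0/3"}                        # arp detection trust
VLAN10_PORTS = ["Ethernet1/0/1", "Ethernet1/0/2", "Ethernet1/0/3"]
STATIC_BINDINGS = {"10.1.1.6": "0001-0203-0607"}   # from the page (Ethernet 1/0/2)
# Constructed DHCP snooping entry for Host A; the page gives no such values.
DHCP_SNOOPING = {"10.1.1.5": "0001-0203-0405"}

@dataclass
class ArpRequest:
    in_port: str
    eth_src: str      # source MAC in the Ethernet header
    sender_mac: str   # sender MAC in the ARP body
    sender_ip: str

def ip_ok(ip):
    # Assumed reading of the "ip" keyword: reject all-zero, all-one, multicast.
    a = ipaddress.ip_address(ip)
    return not (a.is_unspecified or a.is_multicast or ip == "255.255.255.255")

def user_valid(pkt):
    # Static bindings are consulted before DHCP snooping entries (order per the page).
    for table in (STATIC_BINDINGS, DHCP_SNOOPING):
        if pkt.sender_ip in table:
            return table[pkt.sender_ip] == pkt.sender_mac
    return False

def egress_ports(pkt, restricted):
    """Ports a broadcast ARP request leaves on; an empty list means dropped."""
    if pkt.in_port not in TRUSTED:
        # Assumed reading of "src-mac": Ethernet source must equal ARP sender MAC.
        if pkt.eth_src != pkt.sender_mac or not ip_ok(pkt.sender_ip):
            return []
        if not user_valid(pkt):
            return []
        if restricted:                     # arp restricted-forwarding enable
            return sorted(TRUSTED)
    # Validated requests are flooded, which is how they reach the isolated port.
    return [p for p in VLAN10_PORTS if p != pkt.in_port]

HOST_A = ArpRequest("Ethernet1/0/1", "0001-0203-0405", "0001-0203-0405", "10.1.1.5")
SPOOFED = ArpRequest("Ethernet1/0/1", "0001-0203-0405", "0001-0203-0405", "10.1.1.6")

if __name__ == "__main__":
    print("no restricted forwarding:", egress_ports(HOST_A, False))
    print("restricted forwarding:   ", egress_ports(HOST_A, True))
    print("spoofed sender IP:       ", egress_ports(SPOOFED, False))
```

The spoofed request is dropped because its sender IP matches the static binding for 10.1.1.6 while its sender MAC does not.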