Auto-Mode Mff Configuration Example In A Ring Network - HPE FlexNetwork 7500 Series Security Configuration Manual

Auto-mode MFF configuration example in a ring network

Network requirements
As shown in
and C obtain IP addresses from the DHCP server.
Configure MFF to isolate the hosts at Layer 2 and allow them to communicate with each other
through the gateway at Layer 3.
Figure 141 Network diagram
GE1/0/1
Host A
GE1/0/2
Host B
Host C
Configuration procedure
1. Configure the IP addresses of the gateway and the DHCP server, as shown in
2. Configure Switch A:
# Enable DHCP snooping.
<SwitchA> system-view
[SwitchA] dhcp snooping enable
# Enable STP globally to make sure STP is enabled on interfaces.
[SwitchA] stp global enable
# Enable MFF in automatic mode on VLAN 100.
[SwitchA] vlan 100
[SwitchA-vlan100] mac-forced-forwarding auto
[SwitchA-vlan100] quit
# Assign IP address 10.1.1.50 to the DHCP server.
[SwitchA-vlan100] mac-forced-forwarding server 10.1.1.50
# Configure GigabitEthernet 1/0/2 as a network port.
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] mac-forced-forwarding network-port
# Configure GigabitEthernet 1/0/2 as a DHCP snooping trusted port.
[SwitchA-GigabitEthernet1/0/2] dhcp snooping trust
[SwitchA-GigabitEthernet1/0/2] quit
# Configure GigabitEthernet 1/0/3 as a network port.
[SwitchA] interface gigabitethernet 1/0/3
[SwitchA-GigabitEthernet1/0/3] mac-forced-forwarding network-port
# Configure GigabitEthernet 1/0/3 as a DHCP snooping trusted port.
[SwitchA-GigabitEthernet1/0/3] dhcp snooping trust
Figure 141, all the devices are in VLAN 100, and the switches form a ring. Hosts A, B,
Switch A
GE1/0/2 GE1/0/1
GE1/0/3 GE1/0/3
GE1/0/1
GE1/0/3
Switch B
GE1/0/4
Switch C
GE1/0/2 10.1.1.100/24
461
Gateway
DHCP server
Device
10.1.1.50/24
Figure 141.