HPE FlexNetwork 7500 Series Security Configuration Manual page 478

Configure MFF to isolate the hosts at Layer 2 and allow them to communicate with each other
through the gateway at Layer 3.
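Figure 143 Network diagram
[Diagram: Host A (10.1.1.1/24), Host B (10.1.1.2/24), and Host C (10.1.1.3/24) attached to Switch A, Switch B, and Switch C, with the gateway at 10.1.1.100/24 and the server at 10.1.1.200/24.]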
Configuration procedure
1. Configure the IP addresses of the hosts and the gateway, as shown in Figure 143.
2. Configure Switch A:
# Enable STP globally to make sure STP is enabled on interfaces.
[SwitchA] stp global enable
# Configure manual-mode MFF on VLAN 100.
[SwitchA] vlan 100
[SwitchA-vlan100] mac-forced-forwarding default-gateway 10.1.1.100
# Specify the IP address of the server.
[SwitchA-vlan100] mac-forced-forwarding server 10.1.1.200
# Enable ARP snooping on VLAN 100.
[SwitchA-vlan100] arp snooping enable
[SwitchA-vlan100] quit
# Configure GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3 as network ports.
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] mac-forced-forwarding network-port
[SwitchA-GigabitEthernet1/0/2] quit
[SwitchA] interface gigabitethernet 1/0/3
[SwitchA-GigabitEthernet1/0/3] mac-forced-forwarding network-port
3. Configure Switch B:
# Enable STP globally to make sure STP is enabled on interfaces.
[SwitchB] stp global enable
# Configure manual-mode MFF on VLAN 100.
[SwitchB] vlan 100
[SwitchB-vlan100] mac-forced-forwarding default-gateway 10.1.1.100
# Specify the IP address of the server.
[SwitchB-vlan100] mac-forced-forwarding server 10.1.1.200
# Enable ARP snooping on VLAN 100.
[SwitchB-vlan100] arp snooping enable
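
The following Python script is an added example, not part of the HPE manual. It checks a captured CLI session against the settings this procedure applies: STP enabled globally, ARP snooping in every VLAN that has manual-mode MFF, and at least one MFF network port. The sample session is constructed from the Switch A commands above; the function name `audit_mff` and the assumption that device names contain no hyphen are the example's own.

```python
import re

# Constructed sample: the Switch A commands from the procedure, as a captured session.
SESSION = """\
[SwitchA] stp global enable
[SwitchA] vlan 100
[SwitchA-vlan100] mac-forced-forwarding default-gateway 10.1.1.100
[SwitchA-vlan100] mac-forced-forwarding server 10.1.1.200
[SwitchA-vlan100] arp snooping enable
[SwitchA-vlan100] quit
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] mac-forced-forwarding network-port
[SwitchA-GigabitEthernet1/0/2] quit
[SwitchA] interface gigabitethernet 1/0/3
[SwitchA-GigabitEthernet1/0/3] mac-forced-forwarding network-port
"""
# Prompt format "[device-view] command"; assumes the device name has no hyphen.
PROMPT = re.compile(r"^\[(?P<dev>[^\]\s-]+)(?:-(?P<view>[^\]]+))?\]\s*(?P<cmd>.+)$")

def audit_mff(session):
    """Return {device: [findings]} for procedure steps missing from a session."""
    state = {}
    for line in session.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # "#" comment lines and blanks carry no command
        dev, view, cmd = m["dev"], m["view"] or "", m["cmd"].strip().lower()
        s = state.setdefault(dev, {"stp": False, "vlans": {}, "netports": set()})
        if cmd == "stp global enable":
            s["stp"] = True
        elif view.startswith("vlan"):
            v = s["vlans"].setdefault(view[4:], {"gw": None, "snoop": False})
            if cmd.startswith("mac-forced-forwarding default-gateway "):
                v["gw"] = cmd.split()[-1]  # this command turns on manual-mode MFF
            elif cmd == "arp snooping enable":
                v["snoop"] = True
        elif cmd == "mac-forced-forwarding network-port":
            s["netports"].add(view)  # interface view name, e.g. GigabitEthernet1/0/2
    report = {}
    for dev, s in state.items():
        mff = {vid: v for vid, v in s["vlans"].items() if v["gw"]}
        out = [f"VLAN {vid}: MFF enabled without ARP snooping"
               for vid, v in mff.items() if not v["snoop"]]
        if mff and not s["netports"]:
            out.append("MFF enabled but no network port configured")
        if mff and not s["stp"]:
            out.append("MFF enabled but STP not enabled globally")
        report[dev] = out
    return report
```

An empty findings list for a device means every checked step was present in its session.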
