ARP Detection Configuration Example II - HP 5120 SI Series Security Configuration Manual


[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] dhcp-snooping trust
[SwitchB-GigabitEthernet1/0/1] quit
# Enable ARP detection for VLAN 10.
[SwitchB] vlan 10
[SwitchB-vlan10] arp detection enable
# Configure the upstream port as a trusted port and the downstream ports as untrusted ports (a port is an untrusted port by default).
[SwitchB-vlan10] interface gigabitethernet 1/0/1
[SwitchB-Gigabitethernet1/0/1] arp detection trust
[SwitchB-Gigabitethernet1/0/1] quit
# Configure a static IP Source Guard binding entry on interface GigabitEthernet 1/0/3.
[SwitchB] interface gigabitethernet 1/0/3
[SwitchB-GigabitEthernet1/0/3] user-bind ip-address 10.1.1.6 mac-address 0001-0203-0607 vlan 10
[SwitchB-GigabitEthernet1/0/3] quit
# Enable the checking of the MAC addresses and IP addresses of ARP packets.
[SwitchB] arp detection validate dst-mac ip src-mac
After the preceding configurations are complete, when ARP packets arrive at interfaces GigabitEthernet
1/0/2 and GigabitEthernet 1/0/3, their MAC and IP addresses are checked, and then the packets are
checked against the static IP Source Guard binding entries and finally DHCP snooping entries.
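
A simplified model of the check order described above, as an added example (not taken from the HP manual or the switch software). The meanings given to src-mac, dst-mac and ip, the short port names, and the DHCP snooping entry for 10.1.1.5 are assumptions of the model; the static binding is the one configured above.

```python
import ipaddress
from dataclasses import dataclass

ZERO, ONES = "0000-0000-0000", "ffff-ffff-ffff"

@dataclass
class Arp:
    op: str        # "request" or "reply"
    eth_src: str   # Ethernet header source MAC
    eth_dst: str   # Ethernet header destination MAC
    snd_mac: str   # ARP sender MAC
    snd_ip: str    # ARP sender IP
    tgt_mac: str   # ARP target MAC
    tgt_ip: str    # ARP target IP

def bad_ip(ip):
    # All-zero, all-one and multicast addresses are treated as invalid.
    return ip in ("0.0.0.0", "255.255.255.255") or ipaddress.ip_address(ip).is_multicast

def lookup(table, pkt, port, vlan):
    """True/False if an entry exists for the sender IP on this port and VLAN, else None."""
    for e in table:
        if (e["ip"], e["port"], e["vlan"]) == (pkt.snd_ip, port, vlan):
            return e["mac"] == pkt.snd_mac
    return None

def arp_detect(pkt, port, vlan, trusted, static_binds, snooping):
    if port in trusted:
        return "forward (trusted port)"
    # Stage 1: arp detection validate dst-mac ip src-mac (assumed semantics)
    if pkt.snd_mac != pkt.eth_src:
        return "drop (src-mac)"
    if pkt.op == "reply" and (pkt.tgt_mac in (ZERO, ONES) or pkt.tgt_mac != pkt.eth_dst):
        return "drop (dst-mac)"
    ips = [pkt.snd_ip] + ([pkt.tgt_ip] if pkt.op == "reply" else [])
    if any(bad_ip(i) for i in ips):
        return "drop (ip)"
    # Stages 2 and 3: static IP Source Guard bindings, then DHCP snooping entries
    for name, table in (("static binding", static_binds), ("DHCP snooping", snooping)):
        hit = lookup(table, pkt, port, vlan)
        if hit is not None:
            return f"forward ({name})" if hit else f"drop ({name} mismatch)"
    return "drop (no matching entry)"

# Tables: the static entry is the one configured above; the snooping entry is constructed.
TRUSTED = {"GE1/0/1"}
STATIC = [{"port": "GE1/0/3", "ip": "10.1.1.6", "mac": "0001-0203-0607", "vlan": 10}]
SNOOP = [{"port": "GE1/0/2", "ip": "10.1.1.5", "mac": "0001-0203-0405", "vlan": 10}]
```

Calling `arp_detect` with a constructed `Arp` packet, an ingress port and VLAN 10 returns the verdict together with the stage that produced it.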

ARP detection configuration example II

Network requirements
As shown in Figure 112, configure Switch A as a DHCP server and Switch B to support 802.1X. Enable
ARP detection for VLAN 10 to allow only packets from valid clients to pass. Configure Host A and Host
B as local 802.1X access users.
Figure 107 Network diagram for ARP detection configuration
