HP 12500 Series Configuration Manual page 291
Routing
Hide thumbs
Also See for 12500 Series:
- Configuration manual (402 pages) ,
- Network management and monitoring command reference (320 pages) ,
- Command reference manual (157 pages)
Table of Contents
Advertisement
# Enable the checking of the MAC addresses and IP addresses of ARP packets.
[SwitchB] arp detection validate dst-mac ip src-mac
# Create isolation group 2.
[SwitchB] port-isolate group 2
# Add GigabitEthernet 3/0/1 and GigabitEthernet 3/0/2 to isolation group 2.
[SwitchB] interface GigabitEthernet 3/0/1
[SwitchB-GigabitEthernet3/0/1] port-isolate enable group 2
[SwitchB-GigabitEthernet3/0/1] quit
[SwitchB] interface GigabitEthernet 3/0/2
[SwitchB-GigabitEthernet3/0/2] port-isolate enable group 2
[SwitchB-GigabitEthernet3/0/2] quit
After the preceding configurations are complete, when ARP packets arrive at interfaces
GigabitEthernet 3/0/1 and GigabitEthernet 3/0/2, their MAC and IP addresses are checked,
and then the packets are checked against the static IP source guard binding entries and finally
DHCP snooping entries. However, ARP broadcast requests sent from Host A can pass the check on
Switch B. Port isolation fails.
# Configure ARP restricted forwarding.
[SwitchB] vlan 10
[SwitchB-vlan10] arp restricted-forwarding enable
[SwitchB-vlan10] quit
Then, Switch B forwards ARP broadcast requests from Host A to Switch A through the trusted port
GigabitEthernet 3/0/3, and thus Host B cannot receive such packets. Port isolation works
normally.
281
Advertisement
Table of Contents
Troubleshooting
