User Validity Check And Arp Packet Validity Check Configuration Example - HPE FlexNetwork 10500 Series Security Configuration Manual

User validity check and ARP packet validity check
configuration example
Network requirements
As shown in
check based on static IP source guard bindings and DHCP snooping entries for connected hosts.
Figure 140 Network diagram
Device A
DHCP snooping
Device B
GE1/0/1
Host A
DHCP client
Configuration procedure
1. Add all interfaces on Device B to VLAN 10, and specify the IP address of VLAN-interface 10 on
Device A. (Details not shown.)
2. Configure the DHCP server on Device A, and configure DHCP address pool 0.
<DeviceA> system-view
[DeviceA] dhcp enable
[DeviceA] dhcp server ip-pool 0
[DeviceA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0
3. Configure Host A (DHCP client) and Host B. (Details not shown.)
4. Configure Device B:
# Enable DHCP snooping.
<DeviceB> system-view
[DeviceB] dhcp snooping enable
[DeviceB] interface gigabitethernet 1/0/3
[DeviceB-GigabitEthernet1/0/3] dhcp snooping trust
[DeviceB-GigabitEthernet1/0/3] quit
# Enable recording of client information in DHCP snooping entries on GigabitEthernet 1/0/1.
[DeviceB] interface gigabitethernet 1/0/1
[DeviceB-GigabitEthernet1/0/1] dhcp snooping binding record
[DeviceB-GigabitEthernet1/0/1] quit
# Enable ARP attack detection for VLAN 10.
[DeviceB] vlan 10
[DeviceB-vlan10] arp detection enable
Figure 140, configure Device B to perform ARP packet validity check and user validity
Gateway
DHCP server
GE1/0/3
Vlan-int10
10.1.1.1/24
VLAN 10
GE1/0/3
GE1/0/2
Host B
10.1.1.6
0001-0203-0607
525