User Validity Check And Arp Packet Validity Check Configuration Example - HP 5500 HI Series Configuration Manual

2. Configure Switch A as a DHCP server:
# Configure DHCP address pool 0.
<SwitchA> system-view
[SwitchA] dhcp enable
[SwitchA] dhcp server ip-pool 0
[SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0
3. Configure Host A and Host B as 802.1X clients and configure them to upload IP addresses for ARP
detection. (Details not shown.)
4. Configure Switch B:
# Enable the 802.1X function.
<SwitchB> system-view
[SwitchB] dot1x
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] dot1x
[SwitchB-GigabitEthernet1/0/1] quit
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] dot1x
[SwitchB-GigabitEthernet1/0/2] quit
# Add local access user test.
[SwitchB] local-user test
[SwitchB-luser-test] service-type lan-access
[SwitchB-luser-test] password simple test
[SwitchB-luser-test] quit
# Enable ARP detection for VLAN 10.
[SwitchB] vlan 10
[SwitchB-vlan10] arp detection enable
# Configure the upstream port as a trusted port and the downstream ports as untrusted ports (a port
is an untrusted port by default).
[SwitchB-vlan10] interface gigabitethernet 1/0/3
[SwitchB-GigabitEthernet1/0/3] arp detection trust
[SwitchB-GigabitEthernet1/0/3] quit
After the preceding configurations are complete, when ARP packets arrive at interfaces
GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2, they are checked against 802.1X security
entries.
User validity check and ARP packet validity check
configuration example
Network requirements
Configure Switch B to perform ARP packet validity check and user validity check based on static IP source
guard binding entries and DHCP snooping entries for connected hosts.
381