Basic Concepts; Mff Operation Modes - HPE FlexNetwork 5510 HI Series Security Configuration Manual
Hide thumbs
Also See for FlexNetwork 5510 HI Series:
- Configuration manual (572 pages) ,
- Mpls configuration manual (505 pages) ,
- Layer 3 - ip routing configuration manual (486 pages)
Table of Contents
Advertisement
Basic concepts
An MFF-enabled device has two types of ports: user port and network port.
User port
An MFF user port is directly connected to a host and processes the following packets differently:
•
Allows multicast packets to pass.
•
Delivers ARP packets to the CPU.
•
After learning gateways' MAC addresses, a user port allows only the unicast packets with the
gateways' MAC addresses as the destination MAC addresses to pass. If no gateways' MAC
addresses are learned, a user port discards all received unicast packets.
Network port
An MFF network port is connected to any of the following networking devices:
•
An access switch.
•
A distribution switch.
•
A gateway.
•
A server.
A network port processes the following packets differently:
•
Allows multicast packets to pass.
•
Delivers ARP packets to the CPU.
•
Denies broadcast packets other than DHCP and ARP packets.
You need to configure the following ports as network ports:
•
Upstream ports connected to a gateway.
•
Ports connected to the MFF devices in a cascaded network (a network with multiple MFF
devices connected to one another).
•
Ports between devices in a ring network.
Link aggregation is supported by network ports in an MFF-enabled VLAN, but it is not supported by
user ports in the VLAN. You can add the network ports to link aggregation groups, but cannot add the
user ports to link aggregation groups. For more information about link aggregation, see Layer
2—LAN Switching Configuration Guide.
NOTE:
• A network port is not always an upstream port.
• If you enable MFF for a VLAN, each port in the VLAN must be a network or user port.
MFF operation modes
Manual mode
The manual mode applies to networks where the hosts' IP addresses are manually configured. The
hosts cannot obtain the gateway information through DHCP. A VLAN maintains only the MAC
address of the default gateway.
After receiving an ARP request for a host's MAC address from the gateway, the MFF device directly
replies the host's MAC address to the gateway according to the ARP snooping entries. After learning
the gateway's MAC address, the MFF device updates the MAC address upon receiving an ARP
packet with a different sender MAC address from the default gateway.
432
- Quick Links:
- Radius
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
