HP 2610 User Manual page 34
Version r.11.25 software procurve 2610 series
Hide thumbs
Also See for 2610:
- Installation and getting started manual (112 pages) ,
- Selection manual (2 pages) ,
- Advanced traffic management manual (364 pages)
Table of Contents
Advertisement
Enhancements
Release R.11.12 Enhancements
Supports additional checks to verify source MAC address, destination MAC address, and IP
■
address.
ARP packets that contain invalid IP addresses or MAC addresses in their body that do not match
the addresses in the Ethernet header are dropped.
When dynamic ARP protection is enabled, only ARP request and reply packets with valid IP-to-MAC
address bindings in their packet header are relayed and used to update the ARP cache.
Dynamic ARP protection is implemented in the following ways on a switch:
■
You can configure dynamic ARP protection only from the CLI; you cannot configure this feature
from the web or menu interfaces.
Line rate—Dynamic ARP protection copies ARP packets to the switch CPU, evaluates the
■
packets, and then re-forwards them through the switch software. During this process, if ARP
packets are received at too high a line rate, some ARP packets may be dropped and will need to
be retransmitted.
■
The SNMP MIB, HP-ICF-ARP-PROTECT-MIB, is created to configure dynamic ARP protection
and to report ARP packet-forwarding status and counters.
Enabling Dynamic ARP Protection
To enable dynamic ARP protection for VLAN traffic on a routing switch, enter the arp protect vlan
command at the global configuration level.
Syntax: [no] arp protect vlan [vlan-range]
vlan-range
An example of the arp protect vlan command is shown here:
ProCurve(config)# arp protect vlan 1-101
Configuring Trusted Ports
In a similar way to DHCP snooping, dynamic ARP protection allows you to configure VLAN interfaces
in two categories: trusted and untrusted ports. ARP packets received on trusted ports are forwarded
without validation.
By default, all ports on a switch are untrusted. If a VLAN interface is untrusted:
The switch intercepts all ARP requests and responses on the port.
■
■
Each intercepted packet is checked to see if its IP-to-MAC binding is valid. If a binding is invalid,
the switch drops the packet.
29
Specifies a VLAN ID or a range of VLAN IDs from
one to 4094; for example, 1–200.
Hide quick links:
Advertisement
Table of Contents
