Page 1
ZTE SEC IPv4 instructions All Rights reserved, No Spreading abroad without Permission of ZTE...
Page 2
All Rights reserved, No Spreading abroad without Permission of ZTE...
Page 3
Table of Contents EQUIPMENTS FOR CERTIFICATION ...................... 4 TEST INSTRUCTION FOR 5900E ......................5 TEST INSTRUCTION FOR ZXR10 8900 ....................9 All Rights reserved, No Spreading abroad without Permission of ZTE...
Equipments for Certification The certified equipments are ZTE two types of Switches: ZXR10 5900E and ZXR10 8900 series. ZXR10 5900E series MPLS Easy-Maintenance switch adopts high-speed ASIC forwarding chips. It supports complete family of Ethernet protocols, complete L3/MPLS protocols, efficient QOS priority mechanisms and flexible management mechanisms.
Step2:Enable dhcp-snooping on global ZXR10(config)#ip dhcp snooping enable Step3:Enable DHCP snooping on vlan and assign Uplink port as trusted port ZXR10(config)#ip dhcp snooping vlan 100 ZXR10(config)#ip dhcp snooping trust gei_1/1 All Rights reserved, No Spreading abroad without Permission of ZTE...
Page 6
MAC:0022.3245.0005 Discard Ip:10.1.1.5 MAC:0017.314c.0001 DHCP server IP:10.1.1.15 MAC:0056.3200.0002 _ Setup Step1 :Enable DHCP Snooping function same as case A Step2: Enable ARP inspection on vlan ZXR10(config)#vlan 100 ZXR10(config-vlan100)#ip arp inspection All Rights reserved, No Spreading abroad without Permission of ZTE...
_ Setup Step1:Enable DHCP snooping function same as case A. Step2: Enable IP Souce guard on port ZXR10(config-gei_1/2)#ip dhcp snnoping ip-source-guard mac-ip-base Step3: Configure Static user binding table entry on vlan All Rights reserved, No Spreading abroad without Permission of ZTE...
Step1: Configure port isolation session on global ZXR10(config)#vlan private-map session-id 1 solate gei_1/1, gei_1/3 G. ACLs The ZTE Series has full support port-based advanced ipv4/ipv6/L2 header ACLs The following example describes how to utilize on acl to block inbound special Source ip address;...
_ Setup Step1 enable DHCP snooping function same as Case A Step2:enable option 82 on global ZXR10(config)# p dhcp snooping information option C. ARP source check Configuration Procedure _ Topology All Rights reserved, No Spreading abroad without Permission of ZTE...
Step2: Enable IP Souce guard on port ZXR10(config-gei_1/2)#ip dhcp snnoping ip-source-guard mac-ip-base Step3: Configure Static user binding table entry on vlan ZXR10(config)#ip dhcp snooping binding 001f.c674.15a8 vlan 10 10.10.40.100 gei_1/3 expiry 3600 All Rights reserved, No Spreading abroad without Permission of ZTE...
Step1: Configure port isolation session on global ZXR10(config)#vlan private-map session-id 1 solate gei_1/1, gei_1/3 G. ACLs The ZTE Series has full support port-based advanced ipv4/ipv6/L2 header ACLs The following example describes how to utilize on acl to block inbound special Source ip address;...
ZXR10(config)#acl standard number 10 ZXR10(config-std-acl)#rule 1 deny 192.168.1.100 0.0.0.0 Step2:enable ACL on port inbind ZXR10 (config-fei_1/2)#ip access-group 1 in All Rights reserved, No Spreading abroad without Permission of ZTE...