
HP 3600 v2 Series Security Configuration Guide

398 pages
Configuration procedure
1. Add all the ports on Switch B to VLAN 10, and configure the IP address of VLAN-interface 10 on Switch A. (Details not shown.)
2. Configure Switch A as a DHCP server
# Configure DHCP address pool 0.
<SwitchA> system-view
[SwitchA] dhcp enable
[SwitchA] dhcp server ip-pool 0
[SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0
3. Configure Host A as a DHCP client and Host B as a user. (Details not shown.)
4. Configure Switch B
# Enable DHCP snooping.
<SwitchB> system-view
[SwitchB] dhcp-snooping
[SwitchB] interface ethernet 1/0/3
[SwitchB-Ethernet1/0/3] dhcp-snooping trust
[SwitchB-Ethernet1/0/3] quit
# Enable ARP detection for VLAN 10.
[SwitchB] vlan 10
[SwitchB-vlan10] arp detection enable
# Configure the upstream port as a trusted port and the downstream ports as untrusted ports (a port is an untrusted port by default).
[SwitchB-vlan10] interface ethernet 1/0/3
[SwitchB-Ethernet1/0/3] arp detection trust
[SwitchB-Ethernet1/0/3] quit
# Configure a static IP source guard binding entry on interface Ethernet 1/0/2.
[SwitchB] interface ethernet 1/0/2
[SwitchB-Ethernet1/0/2] ip source binding ip-address 10.1.1.6 mac-address 0001-0203-0607
[SwitchB-Ethernet1/0/2] quit
# Enable the checking of the MAC addresses and IP addresses of ARP packets.
[SwitchB] arp detection validate dst-mac ip src-mac
After the preceding configurations are complete, when ARP packets arrive at interfaces Ethernet 1/0/1
and Ethernet 1/0/2, their MAC and IP addresses are checked, and then the packets are checked
against the static IP source guard binding entries and finally DHCP snooping entries.
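The check order described above, as an added example that is not HP's code or switch output: a simplified Python model of how Switch B would judge an ARP packet. The trusted-port bypass and the exact meaning of each validate keyword are assumptions based on documented Comware behaviour, and the Host A lease (10.1.1.2, 0001-0203-0405) and the helper names are constructed.

```python
# Simplified model of ARP detection on Switch B (802.1X and OUI checks omitted).
from ipaddress import IPv4Address

TRUSTED = {"Ethernet1/0/3"}                # arp detection trust (upstream port)
STATIC = {"10.1.1.6": "0001-0203-0607"}    # Host B binding from the page
SNOOPING = {"10.1.1.2": "0001-0203-0405"}  # constructed DHCP snooping entry (Host A)
BAD_MACS = {"0000-0000-0000", "ffff-ffff-ffff"}


def bad_ip(addr):
    """All-zero, all-one and multicast addresses fail the 'ip' check."""
    ip = IPv4Address(addr)
    return ip.is_unspecified or ip.is_multicast or addr == "255.255.255.255"


def pkt(port, op, smac, sip, tmac="0000-0000-0000", tip="10.1.1.1",
        eth_src=None, eth_dst="ffff-ffff-ffff"):
    """Build a constructed ARP packet; eth_src defaults to the sender MAC."""
    return dict(port=port, op=op, sender_mac=smac, sender_ip=sip, target_mac=tmac,
                target_ip=tip, eth_src=eth_src or smac, eth_dst=eth_dst)


def arp_detect(p):
    """Return (verdict, reason) following the order the guide describes."""
    if p["port"] in TRUSTED:                       # assumption: trusted ports skip checks
        return "forward", "trusted port"
    reply = p["op"] == "reply"
    # 1. arp detection validate dst-mac ip src-mac
    if p["sender_mac"] != p["eth_src"]:
        return "drop", "src-mac"
    if reply and (p["target_mac"] in BAD_MACS or p["target_mac"] != p["eth_dst"]):
        return "drop", "dst-mac"
    if bad_ip(p["sender_ip"]) or (reply and bad_ip(p["target_ip"])):
        return "drop", "ip"
    # 2. static IP source guard binding entries
    bound = STATIC.get(p["sender_ip"])
    if bound is not None:
        ok = bound == p["sender_mac"]
        return ("forward", "static binding") if ok else ("drop", "static binding mismatch")
    # 3. DHCP snooping entries
    if SNOOPING.get(p["sender_ip"]) == p["sender_mac"]:
        return "forward", "dhcp snooping entry"
    return "drop", "no matching entry"


if __name__ == "__main__":
    spoof = pkt("Ethernet1/0/1", "request", "0001-0203-0405", "10.1.1.6")
    print(arp_detect(spoof))
```

In this model the same packet claiming Host B's address is forwarded unchecked if it arrives on Ethernet 1/0/3, which is why only the upstream port is configured with arp detection trust.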
ARP restricted forwarding configuration example
Network requirements
As shown in Figure 130, Switch A acts as a DHCP server and Host A acts as a DHCP client. Host B's IP address is 10.1.1.6, and its MAC address is 0001-0203-0607. Port isolation configured on Switch B isolates the two hosts from each other at Layer 2, while both hosts can communicate with the gateway, Switch A. Ethernet 1/0/1, Ethernet 1/0/2, and Ethernet 1/0/3 belong to VLAN 10. Switch B has DHCP snooping enabled and ARP detection enabled in VLAN 10.
Configure Switch B to still perform port isolation on ARP broadcast requests.
