EasyManuals Logo
Home>HP>Switch>3600 v2 Series

HP 3600 v2 Series Security Configuration Guide

HP 3600 v2 Series
398 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #373 background imageLoading...
Page #373 background image
362
NOTE:
For more information about DHCP snooping, see
Layer 3IP Services Configuration Guide
.
For more information about ARP snooping, see
Layer 3IP Services Configuration Guide
.
For more information about IP source guard, see the chapter “IP source guard configuration.
For more information about ARP detection, see the chapter “ARP attack protection configuration.
For more information about VLAN mappings, see
Layer 2—LAN Switching Configuration Guide
.
An MFF-enabled device and a host cannot ping each other.
Basic concepts
A device with MFF enabled provides two types of ports: user port and network port.
User port
An MFF user port is directly connected to a host and processes the following packets differently:
Allows DHCP packets and multicast packets to pass.
Delivers ARP packets to the CPU.
After learning gateways’ MAC addresses, a user port allows only the unicast packets with the
gateways’ MAC addresses as the destination MAC addresses to pass. If no gateways’ MAC
addresses are learned, a user port discards all received unicast packets.
Network port
An MFF network port is connected to a networking device, such as an access switch, a distribution switch
or a gateway. A network port processes the following packets differently:
Allows multicast packets and DHCP packets to pass.
Delivers ARP packets to the CPU.
Denies broadcast packets.
NOTE:
You need to configure the following ports as network ports: upstream ports connected to a gateway,
ports connected to the downstream MFF devices in a cascaded network (a network with multiple MFF
devices connected to one another), and ports between devices in a ring network.
A network port is not always an upstream port.
If you enable MFF for a VLAN, each port in the VLAN must be an MFF network or user port.
Link aggregation is supported by network ports in an MFF-enabled VLAN, but is not supported by user
ports in the VLAN. You can add network ports to link a
gg
re
g
ation
g
roups, but cannot add user ports to
link aggregation groups. For more information about link aggregation, see
Layer 2—LAN Switching
Configuration Guide
.
Operation modes
Manual mode
The manual mode applies to the case where IP addresses are statically assigned to the hosts, and the
hosts cannot obtain the gateway information through DHCP. A VLAN maintains only the MAC address
of the default gateway.

Table of Contents

Other manuals for HP 3600 v2 Series

Preview: Command Reference
Command Reference479 pages
Preview: Installation Guide
Installation Guide62 pages
Preview: Compliance And Safety Manual
Compliance And Safety Manual51 pages
Preview: Configuration Guide
Configuration Guide449 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HP 3600 v2 Series and is the answer not in the manual?

HP 3600 v2 Series Specifications

General IconGeneral
BrandHP
Model3600 v2 Series
CategorySwitch
LanguageEnglish

Related product manuals