EasyManua.ls Logo

HP 5120 EI Switch Series User Manual

HP 5120 EI Switch Series
304 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #269 background imageLoading...
Page #269 background image
259
[DeviceB] display user-bind
Total entries found: 2
MAC Address IP Address VLAN Interface Type
0001-0203-0406 192.168.0.2 N/A N/A Static
0001-0203-0407 192.168.1.2 N/A N/A Static
Host A and Host B can ping each other.
Dynamic IPv4 source guard binding by DHCP snooping
configuration example
Network requirements
As shown in Figure 79, the device connects to the host (client) and the DHCP server through ports
GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 respectively.
Enable DHCP and DHCP snooping on the device, so that the host (with the MAC address of 0001-0203-
0406) can obtain an IP address through the DHCP server and the IP address and the MAC address of
the host can be recorded in a DHCP snooping entry.
Enable the dynamic IPv4 source guard binding function on port GigabitEthernet 1/0/1 of the device,
allowing only packets from a client that obtains an IP address through the DHCP server to pass.
NOTE:
For detailed configuration of a DHCP server, see the
Layer 3IP Services Configuration Guide.
Figure 79 Network diagram for configuring dynamic IPv4 source guard binding by DHCP snooping
Host
MAC:0001-0203-0406
Device DHCP server
GE1/0/2
GE1/0/1
Configuration procedure
1. Configure DHCP snooping
# Configure IP addresses for the interfaces. (details not shown)
# Enable DHCP snooping.
<Device> system-view
[Device] dhcp-snooping
# Configure port GigabitEthernet 1/0/2, which is connected to the DHCP server, as a trusted port.
[Device] interface gigabitethernet1/0/2
[Device-GigabitEthernet1/0/2] dhcp-snooping trust
[Device-GigabitEthernet1/0/2] quit
2. Configure the dynamic IPv4 source guard binding function
# Configure the dynamic IPv4 source guard binding function on port GigabitEthernet 1/0/1 to filter
packets based on both the source IP address and MAC address.
[Device] interface gigabitethernet1/0/1
[Device-GigabitEthernet1/0/1] ip check source ip-address mac-address

Table of Contents

Question and Answer IconNeed help?

Do you have a question about the HP 5120 EI Switch Series and is the answer not in the manual?

HP 5120 EI Switch Series Specifications

General IconGeneral
ModelHP 5120 EI Switch Series
LayerLayer 3
Forwarding Rate96 Mpps
MAC Address Table Size16K
Power SupplyInternal
ManagementCLI, Web GUI, SNMP
FeaturesIPv6 support
Routing ProtocolRIP, OSPF, BGP
Security FeaturesACLs
Layer 3 FeaturesOSPF, BGP, VRRP
RedundancyVRRP
Operating Temperature0°C to 45°C
SFP Slots4
VLAN Support4094
Jumbo Frames9216 bytes

Summary

AAA Configuration

RADIUS Protocol

HWTACACS Protocol

AAA Configuration Considerations and Task List

Outlines the tasks and considerations required for configuring AAA on a NAS device.

Configuring AAA Schemes

Details the process of configuring AAA schemes, including local, RADIUS, and HWTACACS schemes.

Configuring Local Users and Groups

Configuring RADIUS and HWTACACS Schemes

Describes configuring RADIUS and HWTACACS schemes, specifying servers, shared keys, and parameters.

Configuring AAA Methods for ISP Domains

Configuring AAA Authentication, Authorization, and Accounting Methods

Details the configuration of authentication, authorization, and accounting methods for users within an ISP domain.

802.1X Configuration

Configuring 802.1X

Provides steps for enabling 802.1X, setting access control, and configuring guest/Auth-Fail VLANs.

Enabling 802.1X and Access Control

Details enabling 802.1X globally and on ports, along with specifying access control methods.

MAC Authentication Configuration

MAC Authentication Configuration Task List

Lists tasks for configuring MAC authentication, including basic setup and examples.

Basic Configuration for MAC Authentication

Covers the basic steps for configuring MAC authentication globally and on ports.

MAC Authentication Configuration Examples

Portal Configuration

Configuring Layer 2 Portal Authentication

Details the steps to configure Layer 2 portal authentication, including VLAN assignment and Auth-Fail VLAN.

Portal Configuration Examples

Triple Authentication Configuration

Configuring Triple Authentication

Provides steps to configure triple authentication by enabling portal, MAC, and 802.1X authentication.

Triple Authentication Configuration Examples

Port Security Configuration

Port Security Features and Modes

Enabling Port Security and Setting Mode

Provides steps to enable port security and set its mode, like autoLearn or secure.

User Profile Configuration

User Profile Configuration Task List

Creating and Enabling User Profiles

Details creating and enabling user profiles to apply configurations and restrict user behaviors.

Password Control Configuration

Password Control Configuration Task List

Lists tasks for configuring password control, including global, group, and local user settings.

Configuring Password Control

Details enabling password control features like aging, history, and complexity checking.

Password Control Configuration Example

Public Key Configuration

Configuring the Local Asymmetric Key Pair

Details creating, destroying, displaying, and exporting local RSA or DSA key pairs.

Configuring a Peer Public Key

PKI Configuration

PKI Configuration Task List

Lists tasks for configuring PKI, including entity DN, PKI domain, and certificate requests.

Configuring an Entity DN and PKI Domain

Details configuring entity DN parameters and PKI domains for certificate requests.

Submitting and Retrieving Certificates

Explains submitting certificate requests in auto/manual modes and retrieving certificates.

Configuring PKI Certificate Verification

SSH2.0 Configuration

Configuring the Device as an SSH Server

Provides steps to configure the device as an SSH server, including key generation and user setup.

SSH Server Configuration Task List

Lists tasks for configuring the SSH server, such as key pair generation and enabling the server.

Configuring the Device as an SSH Client

Details configuring the device as an SSH client, including source IP and connection setup.

SSH Client Configuration Examples

SFTP Configuration

Configuring the Device as an SFTP Server

Provides steps to enable and configure the device as an SFTP server.

Configuring the Device an SFTP Client

Details configuring the device as an SFTP client, including source IP and connection setup.

SFTP Client Configuration Example

SFTP Server Configuration Example

SSL Configuration

SSL Configuration Task List

Configuring an SSL Server Policy

Details setting SSL parameters for a server, including PKI domain and cipher suites.

Configuring an SSL Client Policy

TCP Attack Protection Configuration

Enabling the SYN Cookie Feature

IP Source Guard Configuration

Static IP Source Guard Binding

Dynamic IP Source Guard Binding

Configuring IPv4 Source Guard Binding

Configuring IPv6 Source Guard Binding

ARP Attack Protection Configuration

ARP Attack Protection Configuration Task List

Configuring ARP Defense Against IP Packet Attacks

Configuring ARP Detection

ND Attack Defense Configuration

Enabling Source MAC Consistency Check for ND Packets

Configuring the ND Detection Function

Related product manuals