EasyManuals Logo
Home>HP>Switch>5120 EI Switch Series

HP 5120 EI Switch Series User Manual

HP 5120 EI Switch Series
304 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #281 background imageLoading...
Page #281 background image
271
Enabling ARP detection based on static IP source guard binding
Entries/DHCP snooping entries/802.1X security entries/OUI
MAC addresses
With this feature enabled, the switch compares the sender IP and MAC addresses of an ARP packet
received from the VLAN against the static IP source guard binding entries, DHCP snooping entries,
802.1X security entries, or OUI MAC addresses to prevent spoofing.
After you enable this feature for a VLAN:
1. Upon receiving an ARP packet from an ARP untrusted port, the switch compares the sender IP and
MAC addresses of the ARP packet against the static IP source guard binding entries. If a match is
found, the ARP packet is considered valid and is forwarded. If an entry with a matching IP address
but an unmatched MAC address is found, the ARP packet is considered invalid and is discarded. If
no entry with a matching IP address is found, the switch compares the ARP packets sender IP and
MAC addresses against the DHCP snooping entries, 802.1X security entries, and OUI MAC
addresses.
2. If a match is found in any of the entries, the ARP packet is considered valid and is forwarded. ARP
detection based on OUI MAC addresses refers to that if the sender MAC address of the received
ARP packet is an OUI MAC address and voice VLAN is enabled, the packet is considered valid.
3. If no match is found, the ARP packet is considered invalid and is discarded.
4. Upon receiving an ARP packet from an ARP trusted port, the switch does not check the ARP packet.
NOTE:
Static IP source guard binding entries are created by using the user-bind command. For more information, see
the chapter “IP source guard configuration.
Dynamic DHCP snooping entries are automatically generated through the DHCP snooping function. For more
information, see the
Layer 3IP Services Configuration Guide
.
802.1X security entries are generated by the 802.1X function. For more information, see the chapter “802.1X
configuration.
For more information about voice VLANs and QUI MAC addresses, see the
Layer 2LAN Switching
Configuration Guide
.
Follow these steps to enable ARP detection for a VLAN and specify a trusted port:
To do…
Use the command…
Remarks
Enter system view
system-view
Enter VLAN view
vlan vlan-id
Enable ARP detection for the
VLAN
arp detection enable
Required
ARP detection based on static IP source
guard binding entries/DHCP snooping
entries/802.1X security entries/OUI MAC
addresses is not enabled by default.
Return to system view
quit
Enter Layer 2 Ethernet port
view/Layer 2 aggregate
interface view
interface interface-type
interface-number

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HP 5120 EI Switch Series and is the answer not in the manual?

HP 5120 EI Switch Series Specifications

General IconGeneral
BrandHP
Model5120 EI Switch Series
CategorySwitch
LanguageEnglish

Related product manuals