Contents
1 Updates for the HP Switch Software Access Security Guide ... 6
  Configuring advanced threat protection ... 6
    Introduction ... 6
    DHCP snooping ... 7
      Overview ... 7
      Enabling DHCP snooping ... 8
      Enabling DHCP snooping on VLANs ... 9
      Configuring DHCP snooping trusted ports ... 9
      Configuring authorized server addresses ... 10
      Using DHCP snooping with Option 82 ... 10
      Changing remote-id from a MAC to an IP address ... 11
      Disabling MAC address check ... 12
      DHCP binding database ... 12
      Clearing DHCP snooping statistics ... 13
      Enabling debug logging ... 13
      Log messages ... 14
  Dynamic ARP protection ... 15
    Introduction ... 15
    Enabling dynamic ARP protection ... 16
    Configuring trusted ports ... 16
    Adding an IP-to-MAC binding to the DHCP binding database and adding or removing a static binding ... 17
    Configuring additional validation checks on ARP packets ... 18
    Verifying Dynamic ARP protection configuration ... 19
    Displaying ARP packet statistics ... 19
    Monitoring dynamic ARP protection ... 19
  Dynamic IP Lockdown ... 20
    Protection against IP source address spoofing ... 20
    Prerequisite: DHCP snooping ... 20
    Filtering IP and MAC addresses per-port and per-VLAN ... 21
    Enabling dynamic IP lockdown ... 22
    Adding an IP-to-MAC binding to the DHCP binding database ... 23
      Potential issues with bindings ... 23
    Verifying the dynamic IP lockdown configuration ... 24
    Displaying the static configuration of IP-to-MAC bindings ... 24
    Debugging dynamic IP lockdown ... 25
    Differences between switch platforms ... 25
  Using the instrumentation monitor ... 26
    Configuring instrumentation monitor ... 27
    Viewing the current instrumentation monitor configuration ... 29
  Configuring RADIUS server support for switch services ... 29
    Introduction ... 29
      RADIUS client and server requirements ... 30
      Optional HP PCM and IDM network management applications ... 30
    RADIUS server configuration for CoS (802.1p priority) and rate-limiting ... 30
      Applied rates for RADIUS-assigned rate limits ... 31
      Per-port bandwidth override ... 32
        Ingress (inbound) traffic ... 32
        Egress (outbound) traffic ... 32
      Viewing the currently active per-port CoS and rate-limiting configuration ... 33
    Configuring and using dynamic (RADIUS-assigned) access control lists ... 36