EasyManuals Logo

HP 5920 Series Configuration Guide

HP 5920 Series
424 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #347 background imageLoading...
Page #347 background image
336
# Enable recording of relay entries on the relay agent.
[SwitchB] dhcp relay client-information record
3. Configure Switch C:
<SwitchC> system-view
[SwitchC] ip route-static 10.1.1.0 24 10.10.1.1
[SwitchC] interface ten-gigabitethernet 1/0/2
[SwitchC-Ten-GigabitEthernet1/0/1] port link-mode route
[SwitchC-Ten-GigabitEthernet1/0/2] ip address dhcp-alloc
[SwitchC-Ten-GigabitEthernet1/0/2] quit
Verifying the configuration
# Display authorized ARP information on Switch B.
[SwitchB] display arp all
Type: S-Static D-Dynamic O-Openflow M-Multiport I-Invalid
IP Address MAC Address VLAN Interface Aging Type
10.10.1.2 0012-3f86-e94c N/A XGE1/0/2 20 D
The output shows that Switch A assigned the IP address 10.10.1.2 to Switch C.
Switch C must use the IP address and MAC address in the authorized ARP entry to communicate with
Switch B. Otherwise, the communication fails. Thus the user validity is ensured.
Configuring ARP detection
ARP detection enables access devices to block ARP packets from unauthorized clients to prevent user
spoofing and gateway spoofing attacks. ARP detection does not check ARP packets received from ARP
trusted ports.
ARP detection provides the user validity check, ARP packet validity check, and ARP restricted forwarding
functions.
If both ARP packet validity check and user validity check are enabled, the former one applies first, and
then the latter applies.
Configuring user validity check
Upon receiving an ARP packet from an ARP untrusted interface, the device matches the sender IP and
MAC addresses with the following entries:
• Static IP source guard binding entries
• DHCP snooping entries.
If a match is found, the ARP packet is considered valid and is forwarded. If no match is found, the ARP
packet is considered invalid and is discarded.
Static IP source guard binding entries are created by using the ip source binding command. For more
information, see "Configuring IP source guard."
D
H
CP snooping entries are automatically generated by DHCP snooping. For more information, see
Layer 3—IP Services Configuration Guide.
Configuration guidelines
When you configure user validity check, follow these guidelines:

Table of Contents

Other manuals for HP 5920 Series

Preview: Command Reference
Command Reference607 pages
Preview: Fundamentals Configuration Guide
Fundamentals Configuration Guide215 pages
Preview: Installation Guide
Installation Guide63 pages
Preview: Troubleshooting Guide
Troubleshooting Guide52 pages
Preview: Fc And Fcoe Configuration Guide
Fc And Fcoe Configuration Guide257 pages
Preview: Compliance And Safety Manual
Compliance And Safety Manual58 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HP 5920 Series and is the answer not in the manual?

HP 5920 Series Specifications

General IconGeneral
BrandHP
Model5920 Series
CategorySwitch
LanguageEnglish

Related product manuals