EasyManua.ls Logo

HP E3800-24G-PoE+-2SFP+

HP E3800-24G-PoE+-2SFP+
732 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
11-22
Configuring Advanced Threat Protection
Dynamic IP Lockdown
Monitoring Dynamic ARP Protection
When dynamic ARP protection is enabled, you can monitor and troubleshoot
the validation of ARP packets with the debug arp-protect command. Use this
command when you want to debug the following conditions:
The switch is dropping valid ARP packets that should be allowed.
The switch is allowing invalid ARP packets that should be dropped.
Figure 11-3. Example of debug arp-protect Command
Dynamic IP Lockdown
The Dynamic IP Lockdown feature is used to prevent IP source address
spoofing on a per-port and per-VLAN basis. When dynamic IP lockdown is
enabled, IP packets in VLAN traffic received on a port are forwarded only if
they contain a known source IP address and MAC address binding for the port.
The IP-to-MAC address binding can either be statically configured or learned
by the DHCP Snooping feature.
HP Switch(config)# debug arp-protect
1. ARP request is valid
"DARPP: Allow ARP request 000000-000001,10.0.0.1 for 10.0.0.2 port A1,
vlan "
2. ARP request detected with an invalid binding
"DARPP: Deny ARP request 000000-000003,10.0.0.1 port 1, vlan 1"
3. ARP response with a valid binding
"DARPP: Allow ARP reply 000000-000002,10.0.0.2 port 2, vlan 1"
4.ARP response detected with an invalid binding
"DARPP: Deny ARP reply 000000-000003,10.0.0.2 port 2, vlan 1"

Table of Contents

Related product manuals