EasyManuals Logo

HPE FlexNetwork 5510 HI Series Security Configuration Guide

HPE FlexNetwork 5510 HI Series
551 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #445 background imageLoading...
Page #445 background image
432
Basic concepts
An MFF-enabled device has two types of ports: user port and network port.
User port
An MFF user port is directly connected to a host and processes the following packets differently:
• Allows multicast packets to pass.
• Delivers ARP packets to the CPU.
• After learning gateways' MAC addresses, a user port allows only the unicast packets with the
gateways' MAC addresses as the destination MAC addresses to pass. If no gateways' MAC
addresses are learned, a user port discards all received unicast packets.
Network port
An MFF network port is connected to any of the following networking devices:
• An access switch.
• A distribution switch.
• A gateway.
• A server.
A network port processes the following packets differently:
• Allows multicast packets to pass.
• Delivers ARP packets to the CPU.
• Denies broadcast packets other than DHCP and ARP packets.
You need to configure the following ports as network ports:
• Upstream ports connected to a gateway.
• Ports connected to the MFF devices in a cascaded network (a network with multiple MFF
devices connected to one another).
• Ports between devices in a ring network.
Link aggregation is supported by network ports in an MFF-enabled VLAN, but it is not supported by
user ports in the VLAN. You can add the network ports to link aggregation groups, but cannot add the
user ports to link aggregation groups. For more information about link aggregation, see Layer
2—LAN Switching Configuration Guide.
NOTE:
•
A network port is not always an upstream port.
• If you enable MFF for a VLAN, each port in the VLAN must be a network or user port.
MFF operation modes
Manual mode
The manual mode applies to networks where the hosts' IP addresses are manually configured. The
hosts cannot obtain the gateway information through DHCP. A VLAN maintains only the MAC
address of the default gateway.
After receiving an ARP request for a host's MAC address from the gateway, the MFF device directly
replies the host's MAC address to the gateway according to the ARP snooping entries. After learning
the gateway's MAC address, the MFF device updates the MAC address upon receiving an ARP
packet with a different sender MAC address from the default gateway.

Table of Contents

Other manuals for HPE FlexNetwork 5510 HI Series

Preview: Configuration Guide
Configuration Guide572 pages
Preview: Fundamentals Configuration Guide
Fundamentals Configuration Guide209 pages
Preview: Layer 3 - Ip Routing Configuration Guide
Layer 3 - Ip Routing Configuration Guide486 pages
Preview: Network Management And Monitoring Configuration Guide
Network Management And Monitoring Configuration Guide331 pages
Preview: Macsec Configuration Guide
Macsec Configuration Guide27 pages
Preview: Acl And Qos Configuration Guide
Acl And Qos Configuration Guide114 pages
Preview: Mpls Configuration Guide
Mpls Configuration Guide505 pages
Preview: Openflow Configuration Guide
Openflow Configuration Guide39 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HPE FlexNetwork 5510 HI Series and is the answer not in the manual?

HPE FlexNetwork 5510 HI Series Specifications

General IconGeneral
BrandHPE
ModelFlexNetwork 5510 HI Series
CategorySwitch
LanguageEnglish

Related product manuals