HP 6125G HP 6125G & 6125G/XG Blade Switches Security Configuration Gui - Page 239
Configuration procedure, Network diagram
View all HP 6125G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 239 highlights
• On port GigabitEthernet 1/0/1 of Device A, only IP packets from Host A can pass. • On port GigabitEthernet 1/0/2 of Device B, only IP packets from Host A can pass. • On port GigabitEthernet 1/0/1 of Device B, only IP packets sourced from 192.168.0.2/24 can pass. Host B can communicate with Host A by using this IP address even if it uses another network adapter. Figure 69 Network diagram Configuration procedure 1. Configure Device A: # Configure the IPv4 source guard function on GigabitEthernet 1/0/2 to filter packets based on both the source IP address and MAC address. system-view [DeviceA] interface gigabitethernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] ip verify source ip-address mac-address # Configure GigabitEthernet 1/0/2 to allow only IP packets with the source MAC address of 0001-0203-0405 and the source IP address of 192.168.0.3 to pass. [DeviceA] interface gigabitethernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] ip source binding ip-address 192.168.0.3 mac-address 0001-0203-0405 [DeviceA-GigabitEthernet1/0/2] quit # Configure the IPv4 source guard function on GigabitEthernet 1/0/1 to filter packets based on both the source IP address and MAC address. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] ip verify source ip-address mac-address # Configure GigabitEthernet 1/0/1 to allow only IP packets with the source MAC address of 0001-0203-0406 and the source IP address of 192.168.0.1 to pass. [DeviceA-GigabitEthernet1/0/1] ip source binding ip-address 192.168.0.1 mac-address 0001-0203-0406 [DeviceA-GigabitEthernet1/0/1] quit 2. Configure Device B: # Configure the IPv4 source guard function on GigabitEthernet 1/0/2 to filter packets based on both the source IP address and MAC address. system-view [DeviceB] interface gigabitethernet 1/0/2 [DeviceB-GigabitEthernet1/0/2] ip verify source ip-address mac-address 229