HP 6120XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 292
Configuring Trusted Ports for Dynamic ARP Protection, arp-protect trust, port-list, c1-c3 - cross connect examples
Page 292 highlights
Configuring Advanced Threat Protection
Dynamic ARP Protection

Figure 8-9. Configuring Trusted Ports for Dynamic ARP Protection

Take into account the following configuration guidelines when you use dynamic ARP protection in your network:

■ You should configure ports connected to other switches in the network as trusted ports. In this way, all network switches can exchange ARP packets and update their ARP caches with valid information.

■ Switches that do not support dynamic ARP protection should be separated by a router in their own Layer 2 domain. Because ARP packets do not cross Layer 2 domains, the unprotected switches cannot unknowingly accept ARP packets from an attacker and forward them to protected switches through trusted ports.

To configure one or more Ethernet interfaces that handle VLAN traffic as trusted ports, enter the arp-protect trust command at the global configuration level. The switch does not check ARP requests and responses received on a trusted port.

Syntax: [no] arp-protect trust port-list

    Specifies a port number or a range of port numbers. Separate individual port numbers or ranges of port numbers with a comma; for example: c1-c3, c6.

An example of the arp-protect trust command is shown here:

    ProCurve(config)# arp-protect trust b1-b4, d1
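An added example, not taken from the HP guide: a Python audit that expands arp-protect trust port-lists and compares the result with an inventory of switch-to-switch ports, following the first guideline above. The command-list input, the uplink inventory and all function names are assumptions, and ranges are assumed to stay within one port letter (as in c1-c3).

```python
import re

PORT = re.compile(r"^([a-z]+)(\d+)$")
TRUST = re.compile(r"^\s*(no\s+)?arp-protect\s+trust\s+(.+)$", re.I)

def expand_port_list(port_list):
    """Expand a port-list such as 'c1-c3, c6' into a set of port names."""
    ports = set()
    for item in port_list.split(","):
        item = item.strip().lower()
        if not item:
            continue
        start, _, end = item.partition("-")
        first = PORT.match(start.strip())
        last = PORT.match((end or start).strip())
        # Assumption: both ends of a range share the same port letter.
        if not first or not last or first.group(1) != last.group(1):
            raise ValueError(f"unsupported port-list item: {item!r}")
        lo, hi = int(first.group(2)), int(last.group(2))
        if lo > hi:
            raise ValueError(f"descending range: {item!r}")
        ports.update(f"{first.group(1)}{n}" for n in range(lo, hi + 1))
    return ports

def trusted_ports(commands):
    """Apply '[no] arp-protect trust' lines in order; return trusted ports."""
    trusted = set()
    for line in commands.splitlines():
        m = TRUST.match(line)
        if m:
            ports = expand_port_list(m.group(2))
            trusted = trusted - ports if m.group(1) else trusted | ports
    return trusted

def audit(commands, uplinks):
    """Compare trusted ports with the ports known to face other switches."""
    trusted = trusted_ports(commands)
    uplinks = {p.lower() for p in uplinks}
    return {
        # Inter-switch ports still subject to ARP checks.
        "untrusted_uplinks": sorted(uplinks - trusted),
        # Ports whose ARP traffic is not checked but that face no switch.
        "trusted_non_uplinks": sorted(trusted - uplinks),
    }

# Constructed sample input, not taken from a real switch.
SAMPLE_COMMANDS = """arp-protect trust b1-b4, d1
arp-protect trust c1-c3, c6
no arp-protect trust c6
"""
SAMPLE_UPLINKS = ["b1", "b2", "b3", "b4", "d1", "d2"]  # hypothetical inventory
```

Calling audit(SAMPLE_COMMANDS, SAMPLE_UPLINKS) reports d2 as an uplink that is not trusted and c1 through c3 as trusted ports that are not in the uplink inventory. Because the switch does not check ARP packets received on a trusted port, the second list is the one to review first.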