HP 6125XLG R2306-HP 6125XLG Blade Switch Security Configuration Guide - Page 7
Configuring the IPv6 source guard function, Configuring ARP filtering, uRPF check modes, v
 |
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 7 highlights
Enabling IPv4 source guard on an interface 162 Configuring a static IPv4 source guard binding entry on an interface 163 Configuring the IPv6 source guard function 164 Enabling IPv6 source guard on an interface 164 Configuring a static IPv6 source guard binding entry on an interface 164 Displaying and maintaining IP source guard 165 Static IPv4 source guard configuration example 165 Dynamic IPv4 source guard using DHCP snooping configuration example 167 Dynamic IPv4 source guard using DHCP relay configuration example 169 Static IPv6 source guard configuration example 170 Configuring ARP attack protection 171 ARP attack protection configuration task list 171 Configuring unresolvable IP attack protection 171 Configuring ARP source suppression 172 Enabling ARP black hole routing 172 Displaying and maintaining unresolvable IP attack protection 172 Configuration example 172 Configuring ARP packet rate limit 173 Configuration guidelines 174 Configuration procedure 174 Configuring source MAC-based ARP attack detection 174 Configuration procedure 174 Displaying and maintaining source MAC-based ARP attack detection 175 Configuration example 175 Configuring ARP packet source MAC consistency check 177 Configuring ARP active acknowledgement 177 Configuring ARP detection 177 Configuring user validity check 177 Configuring ARP packet validity check 178 Configuring ARP restricted forwarding 179 Displaying and maintaining ARP detection 179 User validity check and ARP packet validity check configuration example 180 Configuring ARP automatic scanning and fixed ARP 181 Configuration guidelines 181 Configuration procedure 182 Configuring ARP gateway protection 182 Configuration guidelines 182 Configuration procedure 182 Configuration example 183 Configuring ARP filtering 183 Configuration guidelines 183 Configuration procedure 184 Configuration example 184 Configuring uRPF 186 uRPF check modes 186 uRPF operation 186 Network application 189 Configuration procedure 189 Displaying and maintaining uRPF 190 Configuration example 190 Network requirements 190 Configuration procedure 190 v
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8 -
9 -
10 -
11 -
12 -
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
 |
 |
v
Enabling IPv4 source guard on an interface ···································································································· 162
Configuring a static IPv4 source guard binding entry on an interface ························································· 163
Configuring the IPv6 source guard function
·············································································································· 164
Enabling IPv6 source guard on an interface ···································································································· 164
Configuring a static IPv6 source guard binding entry on an interface ························································· 164
Displaying and maintaining IP source guard ············································································································ 165
Static IPv4 source guard configuration example ······································································································ 165
Dynamic IPv4 source guard using DHCP snooping configuration example·························································· 167
Dynamic IPv4 source guard using DHCP relay configuration example ································································· 169
Static IPv6 source guard configuration example ······································································································ 170
Configuring ARP attack protection························································································································· 171
ARP attack protection configuration task list ············································································································· 171
Configuring unresolvable IP attack protection ·········································································································· 171
Configuring ARP source suppression ················································································································ 172
Enabling ARP black hole routing ······················································································································· 172
Displaying and maintaining unresolvable IP attack protection ······································································ 172
Configuration example ······································································································································· 172
Configuring ARP packet rate limit ······························································································································ 173
Configuration guidelines ···································································································································· 174
Configuration procedure ···································································································································· 174
Configuring source MAC-based ARP attack detection ···························································································· 174
Configuration procedure ···································································································································· 174
Displaying and maintaining source MAC-based ARP attack detection························································· 175
Configuration example ······································································································································· 175
Configuring ARP packet source MAC consistency check ························································································ 177
Configuring ARP active acknowledgement ··············································································································· 177
Configuring ARP detection ·········································································································································· 177
Configuring user validity check ························································································································· 177
Configuring ARP packet validity check ············································································································· 178
Configuring ARP restricted forwarding ············································································································· 179
Displaying and maintaining ARP detection ······································································································ 179
User validity check and ARP packet validity check configuration example·················································· 180
Configuring ARP automatic scanning and fixed ARP······························································································· 181
Configuration guidelines ···································································································································· 181
Configuration procedure ···································································································································· 182
Configuring ARP gateway protection ························································································································ 182
Configuration guidelines ···································································································································· 182
Configuration procedure ···································································································································· 182
Configuration example ······································································································································· 183
Configuring ARP filtering
············································································································································· 183
Configuration guidelines ···································································································································· 183
Configuration procedure ···································································································································· 184
Configuration example ······································································································································· 184
Configuring uRPF····················································································································································· 186
uRPF check modes
························································································································································ 186
uRPF operation ····························································································································································· 186
Network application ···················································································································································· 189
Configuration procedure ············································································································································· 189
Displaying and maintaining uRPF ······························································································································ 190
Configuration example ················································································································································ 190
Network requirements········································································································································· 190
Configuration procedure ···································································································································· 190