HP 5500 Ei 5500 Si Switch Series Configuration Guide
Here you can view all the pages of manual HP 5500 Ei 5500 Si Switch Series Configuration Guide. The HP manuals for Printer are available online for free. You can easily download all the documents as PDF.
Page 2001
336 Configuring the IPv4 source guard function You cannot enable IPv4 source guard on a link a ggregation member port or a service loopback group. If IPv4 source guard is enabled on a port, you cannot assign the port to a link aggregation group or a service loopback group. Configuring IPv4 source guard on a port The IPv4 source guard function must be configured on a port before the port can obtain dynamic IPv4 source guard entries and use static and dynamic IPv4 source guard entries to filter...
Page 2002
337 Configuring a static IPv4 source guard entry Static IPv4 binding entries take effect only on the ports configured with the IPv4 source guard function (see Configuring IPv4 source guard on a port ) . Port-based static IPv4 source guard entries and dyna mic IPv4 source guard entries take precedence over global static IPv4 source guard entries. A port matc hes a packet against global static binding entries only when the packet does not match any port-based static binding entry or dynamic...
Page 2003
338 Setting the maximum number of IPv4 source guard entries The maximum number of IPv4 source guard entries is us ed to limit the total number of static and dynamic IPv4 source guard entries on a port. When the numb er of IPv4 binding entries on a port reaches the maximum, the port does not allowed new IPv4 binding entries any more. If the maximum number of IPv4 binding entries to be configured is smaller than the number of existing IPv4 binding entries on the port, the maximum number can be...
Page 2004
339 • To o b t a i n dyn a m ic I P v 6 s o u rc e g u a rd e n t ri e s, m a ke s u re t h a t D H C P v 6 s n o o pi n g o r N D s n o o pi n g i s configured and works normally. For DHCPv6 an d ND snooping configuration information, see Layer 3—IP Services Configuration Guide . • If you configure both ND snooping and DHCPv6 snooping on the device, IPv6 source guard uses the type of entries that generated first. Because DHCPv6 snooping entries are usually generated first in...
Page 2005
340 Step Command Remarks 2. Configure a global static IPv6 binding entry. ipv6 source binding ipv6-address ipv6-address mac-address mac-address No glob a l sta ti c IP v6 b ind ing entry is configured by default. Configuring port-based static IPv6 binding entries Follow these guidelines to configure port-b ased static IPv6 source guard entries: • You cannot configure the same static binding entr y on one port repeatedly, but you can configure the same static binding entry on...
Page 2006
341 Step Command Remarks 2. Enter Layer 2 Ethernet interface view. interface interface-type interface-number N/A 3. Configure the maximum number of IPv6 binding entries allowed on the port. ipv6 verify source max-entries number Optional. By default, the maximum number is 1500 on the HP 5500 EI series and 640 on the HP 5500 SI series. Displaying and maintaining IP source guard For IPv4 source guard: Task Command Remarks Display static IPv4 source guard entries. display...
Page 2007
342 Device A, and Device B is connected to port GigabitEthernet 1/0/1 of Device A. All hosts use static IP addresses. Configure static IPv4 source guard entries on Device A and Device B to meet the following requirements: • On port GigabitEthernet 1/0/2 of Device A, only IP packets from Host C can pass. • On port GigabitEthernet 1/0/1 of Device A, only IP packets from Host A can pass. • On port GigabitEthernet 1/0/2 of Device B, only IP packets from Host A can pass. • On port...
Page 2008
![Page 2008
343
# Configure the IPv4 source guard function on Gi gabitEthernet 1/0/2 to filter packets based on
both the source IP address and MAC address.
[DeviceB] interface gigabitethernet 1/0/2
[DeviceB-GigabitEthernet1/0/2] ip verify source ip-address mac-address
# Configure GigabitEthernet 1/0/2 to allow only IP packets with the source MAC address of
0001-0203-0406 and the so urce IP address of 192.168.0.1 to pass.
[DeviceB] interface gigabitethernet 1/0/2
[DeviceB-GigabitEthernet1/0/2] ip source...](http://img.usermanuals.tech/thumb/36/58909/w300_hp-5500-ei-5500-si-switch-series-configuration-guide-2007.png "Page 2008
343
# Configure the IPv4 source guard function on Gi gabitEthernet 1/0/2 to filter packets based on
both the source IP address and MAC address.
[DeviceB] interface gigabitethernet 1/0/2
[DeviceB-GigabitEthernet1/0/2] ip verify source ip-address mac-address
# Configure GigabitEthernet 1/0/2 to allow only IP packets with the source MAC address of
0001-0203-0406 and the so urce IP address of 192.168.0.1 to pass.
[DeviceB] interface gigabitethernet 1/0/2
[DeviceB-GigabitEthernet1/0/2] ip source...")
343 # Configure the IPv4 source guard function on Gi gabitEthernet 1/0/2 to filter packets based on both the source IP address and MAC address. [DeviceB] interface gigabitethernet 1/0/2 [DeviceB-GigabitEthernet1/0/2] ip verify source ip-address mac-address # Configure GigabitEthernet 1/0/2 to allow only IP packets with the source MAC address of 0001-0203-0406 and the so urce IP address of 192.168.0.1 to pass. [DeviceB] interface gigabitethernet 1/0/2 [DeviceB-GigabitEthernet1/0/2] ip source...
Page 2009
![Page 2009
344
For information about DHCP server configuration, see Layer 3—IP Services Configuration Guide.
Figure 121 Network diagram
Configuration procedure
1. Configure DHCP snooping.
# Enable DHCP snooping.
system-view
[Device] dhcp-snooping
# Configure port GigabitEthernet 1/0/2, which is connected to the DHCP server, as a trusted
port.
[Device] interface gigabitethernet1/0/2
[Device-GigabitEthernet1/0/2] dhcp-snooping trust
[Device-GigabitEthernet1/0/2] quit
2. Configure the IPv4...](http://img.usermanuals.tech/thumb/36/58909/w300_hp-5500-ei-5500-si-switch-series-configuration-guide-2008.png "Page 2009
344
For information about DHCP server configuration, see Layer 3—IP Services Configuration Guide.
Figure 121 Network diagram
Configuration procedure
1. Configure DHCP snooping.
# Enable DHCP snooping.
system-view
[Device] dhcp-snooping
# Configure port GigabitEthernet 1/0/2, which is connected to the DHCP server, as a trusted
port.
[Device] interface gigabitethernet1/0/2
[Device-GigabitEthernet1/0/2] dhcp-snooping trust
[Device-GigabitEthernet1/0/2] quit
2. Configure the IPv4...")
344 For information about DHCP server configuration, see Layer 3—IP Services Configuration Guide. Figure 121 Network diagram Configuration procedure 1. Configure DHCP snooping. # Enable DHCP snooping. system-view [Device] dhcp-snooping # Configure port GigabitEthernet 1/0/2, which is connected to the DHCP server, as a trusted port. [Device] interface gigabitethernet1/0/2 [Device-GigabitEthernet1/0/2] dhcp-snooping trust [Device-GigabitEthernet1/0/2] quit 2. Configure the IPv4...
Page 2010
345 Dynamic IPv4 source guard using DHCP relay configuration example Network requirements As shown in Figure 122 , the host and the DHCP server are connected to the switch through interfaces VLAN-interface 100 and VLAN-interface 200 respectively. DHCP relay is enabled on the switch. The host (with the MAC address of 0001-0203-0406) obtains an IP address from the DHCP server through the DHCP relay agent. Enable the IPv4 source guard function on the switch’s VLAN-interface 100 to filter packets...