HP 5500 Ei 5500 Si Switch Series Configuration Guide
Here you can view all the pages of manual HP 5500 Ei 5500 Si Switch Series Configuration Guide. The HP manuals for Printer are available online for free. You can easily download all the documents as PDF.
Page 2051
386 SAVI configuration in DHCPv6+SLAAC address assignment scenario Network requirements Figure 142 Network diagram As shown in Figure 142, Switch B connects to the DHCPv6 server through interface GigabitEthernet 1/0/1 and connects to the DHCPv6 client through interface GigabitEthernet 1/0/3. Host A and Host B access Gateway (Switch A) through Switch B. Interfaces GigabitEthernet 1/0/1 through GigabitEthernet 1/0/5 on Switch B belong to VLAN 2. The hosts can obtain IP addresses through...
Page 2052
![Page 2052
387
binding entries; and checks the IPv6 data packets from the hosts against dynamic binding entries
(including ND snooping entries and DHCPv6 snooping entries) applied on the interfaces connected to
the hosts and against static binding entries. The items to be examined include MAC address, IPv6
address, VLAN information, and ingress port.
Configuration procedure
# Enable SAVI.
system-view
[SwitchB] ipv6 savi strict
# Enable IPv6.
[SwitchB] ipv6
# Enable DHCPv6 snooping.
[SwitchB] ipv6 dhcp...](http://img.usermanuals.tech/thumb/36/58909/w300_hp-5500-ei-5500-si-switch-series-configuration-guide-2051.png "Page 2052
387
binding entries; and checks the IPv6 data packets from the hosts against dynamic binding entries
(including ND snooping entries and DHCPv6 snooping entries) applied on the interfaces connected to
the hosts and against static binding entries. The items to be examined include MAC address, IPv6
address, VLAN information, and ingress port.
Configuration procedure
# Enable SAVI.
system-view
[SwitchB] ipv6 savi strict
# Enable IPv6.
[SwitchB] ipv6
# Enable DHCPv6 snooping.
[SwitchB] ipv6 dhcp...")
387 binding entries; and checks the IPv6 data packets from the hosts against dynamic binding entries (including ND snooping entries and DHCPv6 snooping entries) applied on the interfaces connected to the hosts and against static binding entries. The items to be examined include MAC address, IPv6 address, VLAN information, and ingress port. Configuration procedure # Enable SAVI. system-view [SwitchB] ipv6 savi strict # Enable IPv6. [SwitchB] ipv6 # Enable DHCPv6 snooping. [SwitchB] ipv6 dhcp...
Page 2053
388 Configuring blacklist Overview The blacklist feature is an attack prevention mechanism that filters packets based on the source IP address. Compared with ACL-based packet filtering, the blacklist feature is easier to configure and fast in filtering packets sourced from particular IP addresses. The device can dynamically add and remove blacklist entries by cooperating with the login user authentication feature. When the device detects that a user tried to use FTP, Telnet, SSH, SSL, or web to...
Page 2054
![Page 2054
389
Blacklist configuration example
Network requirements
As shown in Figure 143, Ho st A, Host B, and Host C are internal users, and external user Host D is
considered an attacker.
Configure Device to always filter packets from Host D, and to prevent internal users from guessing
passwords.
Figure 143 Network diagram
Configuration procedure
# Assign IP addresses to the interfaces of Device. (Details not shown.)
# Enable the blacklist feature.
system-view
[Device] blacklist enable
#...](http://img.usermanuals.tech/thumb/36/58909/w300_hp-5500-ei-5500-si-switch-series-configuration-guide-2053.png "Page 2054
389
Blacklist configuration example
Network requirements
As shown in Figure 143, Ho st A, Host B, and Host C are internal users, and external user Host D is
considered an attacker.
Configure Device to always filter packets from Host D, and to prevent internal users from guessing
passwords.
Figure 143 Network diagram
Configuration procedure
# Assign IP addresses to the interfaces of Device. (Details not shown.)
# Enable the blacklist feature.
system-view
[Device] blacklist enable
#...")
389 Blacklist configuration example Network requirements As shown in Figure 143, Ho st A, Host B, and Host C are internal users, and external user Host D is considered an attacker. Configure Device to always filter packets from Host D, and to prevent internal users from guessing passwords. Figure 143 Network diagram Configuration procedure # Assign IP addresses to the interfaces of Device. (Details not shown.) # Enable the blacklist feature. system-view [Device] blacklist enable #...
Page 2055
390 Host D and Host C are on the blacklist. Host C will stay on the list for 10 minutes, and will then be able to try to log in again. The entry for Host D will never age out. When you do not consider Host D an attacker anymore, you can use the undo blacklist ip 5.5.5.5 command to remove the entry.
Page 2056
391 Index A B C D E H I L M N O P R S T U A AAA configuration considerations and task list,15 AAA co nfiguration examples, 50 AAA o verview, 1 A pplying a QoS policy, 228 AR P attack protection configuration task list, 351 B Ba sic configuration for MAC authentication, 118 Blac klist configuration example, 389 C C onfiguration prerequisites, 111 C onfiguration prerequisites, 92 C onfiguration prerequisites, 141 Co nfiguration task list, 335 Co nfiguration task list, 118...
Page 2057
392 Controlled/uncontrolled port and port authorization status,78 C ontrolling access of portal users, 14 9 Cr eating a local asymmetric key pair, 246 Cr eating a user profile, 227 D D eleting a certificate, 263 D estroying a local asymmetric key pair, 248 D estroying a local RSA key pair, 263 Displa ying and maintaining 802.1X, 10 3 Dis playing and maintaining AAA, 50 Displa ying and maintaining EAD fast deployment, 112 Displa ying and maintaining HABP, 242 Displa ying and...
Page 2058
393 S SAVI configuration in DHCPv6+SLAAC address assignment scenario,386 S AVI configuration in DHCPv6-only address assignment scenario, 382 S AVI configuration in SLAAC-only address assignment scenario, 384 SA VI over view, 381 S etting port securitys limit on the number of MAC addresses on a port, 209 S etting the 802.1X authentication timeout timers, 96 S etting the EAD rule timer, 112 S etting the maximum number of authentication request attempts, 96 S etting the maximum...
Page 2059
![Page 2059
i
Contents
High availability overview ··················\
··················\
··················\
··················\
··················\
··················\
··················\
············· 1
Availability requirements ··················\
··················\
··················\
··················\
··················\
··········· ··················\
··················\
········· 1
Availability evaluation ··················\
··················\
··················\
··················\...](http://img.usermanuals.tech/thumb/36/58909/w300_hp-5500-ei-5500-si-switch-series-configuration-guide-2058.png "Page 2059
i
Contents
High availability overview ··················\
··················\
··················\
··················\
··················\
··················\
··················\
············· 1
Availability requirements ··················\
··················\
··················\
··················\
··················\
··········· ··················\
··················\
········· 1
Availability evaluation ··················\
··················\
··················\
··················\...")
i Contents High availability overview ··················\ ··················\ ··················\ ··················\ ··················\ ··················\ ··················\ ············· 1 Availability requirements ··················\ ··················\ ··················\ ··················\ ··················\ ··········· ··················\ ··················\ ········· 1 Availability evaluation ··················\ ··················\ ··················\ ··················\...
Page 2060
![Page 2060
ii
CFD configuration example ··················\
··················\
··················\
··················\
··················\
··········· ··················\
··················\
· 29
Configuring DLDP ··················\
··················\
··················\
··················\
··················\
··················\
·· ··················\
··················\
····· 35
DLDP overview ··················\
··················\
··················\
··················\
··················\...](http://img.usermanuals.tech/thumb/36/58909/w300_hp-5500-ei-5500-si-switch-series-configuration-guide-2059.png "Page 2060
ii
CFD configuration example ··················\
··················\
··················\
··················\
··················\
··········· ··················\
··················\
· 29
Configuring DLDP ··················\
··················\
··················\
··················\
··················\
··················\
·· ··················\
··················\
····· 35
DLDP overview ··················\
··················\
··················\
··················\
··················\...")
ii CFD configuration example ··················\ ··················\ ··················\ ··················\ ··················\ ··········· ··················\ ··················\ · 29 Configuring DLDP ··················\ ··················\ ··················\ ··················\ ··················\ ··················\ ·· ··················\ ··················\ ····· 35 DLDP overview ··················\ ··················\ ··················\ ··················\ ··················\...