HP 5500 Ei 5500 Si Switch Series Configuration Guide
• Add GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3 into VLAN 1, and specify IP address 16.1.1.30/24 for VLAN-interface 1.
• Add GigabitEthernet 1/0/1 and GigabitEthernet 1/0/4 into VLAN 2, and specify IP address 17.1.1.1/24 for VLAN-interface 2.
• Specify 17.1.1.1/24 as the default gateway of Host A and Host B.
• Specify 16.1.1.30/24 as the default gateway of Server A and Server B.
• Disable the ARP entry check function so that the switch can learn dynamic ARP entries containing multicast MAC addresses.
• Configure a static multicast MAC address entry so that only interfaces GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3 can receive multicast information.

Figure 5 Network diagram

Configuration procedure

This example only describes multicast ARP configuration on the switch, and is only applicable to multicast NLB. For NLB configuration on the servers, see the related documents of the Windows Server.

# Specify an IP address for VLAN-interface 2.
system-view
[Switch] vlan 2
[Switch-vlan2] port GigabitEthernet 1/0/4
[Switch-vlan2] port GigabitEthernet 1/0/1
[Switch-vlan2] quit
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ip address 17.1.1.1 255.255.255.0
[Switch-Vlan-interface2] quit
# Specify an IP address for VLAN-interface 1.
[Switch] interface vlan-interface 1
[Switch-Vlan-interface1] ip address 16.1.1.30 255.255.255.0
[Switch-Vlan-interface1] quit
# Disable the ARP entry check function.
[Switch] undo arp check enable
# Configure a static multicast MAC address entry.
[Switch] mac-address multicast 03bf-1001-0164 interface GigabitEthernet 1/0/2 GigabitEthernet 1/0/3 vlan 1

Verifying the configuration

• NLB load sharing—Enables the FTP server function of Server A and Server B. Host A and Host B send requests to the virtual IP address and each of them logs in to a different server.
• NLB redundancy—Disables the network interface card of Server A. Host A and Host B send requests to the virtual IP address and both log in to the FTP server on Server B.

Configuring gratuitous ARP

Overview

In a gratuitous ARP packet, the sender IP address and the target IP address are the IP address of the sending device.

A device sends a gratuitous ARP packet for either of the following purposes:
• Determine whether its IP address is already used by another device. If the IP address is already used, the device is informed of the conflict by an ARP reply.
• Inform other devices of a change of its MAC address.

Gratuitous ARP packet learning

This feature enables a device to create or update ARP entries by using the sender IP and MAC addresses in received gratuitous ARP packets. With this feature disabled, the device uses received gratuitous ARP packets to update existing ARP entries only.

Periodic sending of gratuitous ARP packets

Enabling a device to periodically send gratuitous ARP packets helps downstream devices update their corresponding ARP entries or MAC entries in time. This feature can be used to:
• Prevent gateway spoofing. When an attacker sends forged gratuitous ARP packets to the hosts on a network, the traffic destined for the gateway from the hosts is sent to the attacker instead. As a result, the hosts cannot access the external network. To prevent gateway spoofing attacks, enable the gateway to send gratuitous ARP packets containing its primary IP address and manually configured secondary IP addresses at a specific interval, so hosts can learn correct gateway address information.
• Prevent ARP entries from aging out. If network traffic is heavy or a host's CPU usage is high, received ARP packets may be discarded or not be processed in time. Eventually, the dynamic ARP entries on the receiving host age out, and the traffic between the host and the corresponding devices is interrupted until the host re-creates the ARP entries. To prevent this problem, enable the gateway to send gratuitous ARP packets periodically. The gratuitous ARP packets contain the gateway's primary IP address or one of its manually configured secondary IP addresses, so the receiving host can update ARP entries in time, ensuring traffic continuity.
• Prevent the virtual IP address of a VRRP group from being used by a host. The master router of a VRRP group can periodically send gratuitous ARP packets to the hosts on the local network, so that the hosts can update local ARP entries and avoid using the virtual IP address of the VRRP group.
  If the virtual IP address of the VRRP group is associated with a virtual MAC address, the sender MAC address in the gratuitous ARP packet takes the virtual MAC address of the virtual router. If the virtual IP address of the VRRP group is associated with the real MAC address of an interface, the sender MAC address in the gratuitous ARP packet takes the MAC address of the interface on the master router in the VRRP group.

For more information about VRRP, see High Availability Configuration Guide.

Configuration guidelines

Follow these guidelines when you configure gratuitous ARP:
• You can enable periodic sending of gratuitous ARP packets in VLAN interface view or Layer 3 Ethernet port view.
• You can enable periodic sending of gratuitous ARP packets on a maximum of 1024 interfaces.
• Periodic sending of gratuitous ARP packets takes effect only when the link of the enabled interface goes up and an IP address has been assigned to the interface.
• If you change the interval for sending gratuitous ARP packets, the configuration is effective at the next sending interval.
• The frequency of sending gratuitous ARP packets may be much lower than is expected if this function is enabled on multiple interfaces, if each interface is configured with multiple secondary IP addresses, or if a small sending interval is configured in such cases.

Configuration procedure

To configure gratuitous ARP:

Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Enable learning of gratuitous ARP packets. | gratuitous-arp-learning enable | Optional. Enabled by default.
3. Enable the device to send gratuitous ARP packets upon receiving ARP requests from another subnet. | gratuitous-arp-sending enable | By default, a device does not send gratuitous ARP packets upon receiving ARP requests from another subnet.
4. Enter interface view. | interface interface-type interface-number | N/A
5. Enable periodic sending of gratuitous ARP packets and set the sending interval. | arp send-gratuitous-arp [ interval milliseconds ] | Disabled by default.
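
The following Python sketch is an added example, not part of the HP guide or the switch software. It decodes ARP bodies, recognises gratuitous ARP by the rule in the overview (sender IP equals target IP), and compares each announcement with a trusted IP-to-MAC table to surface the gateway-spoofing case described above. The MAC addresses, the host address 17.1.1.10 and the verdict names are constructed for illustration; 17.1.1.1 is the gateway address used earlier in this guide.

```python
import ipaddress
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # Ethernet/IPv4 ARP body: 28 bytes

def build_arp(op, sender_mac, sender_ip, target_ip):
    """Pack a sample ARP body (used only to construct the test input)."""
    sha = bytes.fromhex(sender_mac.replace(":", ""))
    spa = ipaddress.IPv4Address(sender_ip).packed
    tpa = ipaddress.IPv4Address(target_ip).packed
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, sha, spa, b"\x00" * 6, tpa)

def parse_arp(body):
    """Decode the 28-byte ARP body that follows the Ethernet header."""
    if len(body) < 28:
        raise ValueError("truncated ARP body")
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, body[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {
        "op": op,
        "sender_mac": sha.hex(":"),
        "sender_ip": str(ipaddress.IPv4Address(spa)),
        "target_ip": str(ipaddress.IPv4Address(tpa)),
    }

def classify(body, trusted):
    """Return a verdict for one ARP body against trusted IP-to-MAC bindings."""
    arp = parse_arp(body)
    if arp["sender_ip"] != arp["target_ip"]:
        return "not-gratuitous"
    known = trusted.get(arp["sender_ip"])
    if known is None:
        return "new-binding"       # gratuitous ARP learning would create an entry
    if known != arp["sender_mac"]:
        return "binding-conflict"  # another MAC announces a trusted IP
    return "consistent"

# Constructed sample data (MAC addresses are made up).
TRUSTED = {"17.1.1.1": "02:00:00:00:00:01"}
SAMPLES = [
    build_arp(1, "02:00:00:00:00:01", "17.1.1.1", "17.1.1.1"),    # gateway's periodic announcement
    build_arp(2, "02:00:00:00:00:66", "17.1.1.1", "17.1.1.1"),    # different MAC claims the gateway IP
    build_arp(1, "02:00:00:00:00:0a", "17.1.1.10", "17.1.1.10"),  # host checking for an address conflict
    build_arp(1, "02:00:00:00:00:0a", "17.1.1.10", "17.1.1.1"),   # ordinary ARP request
]

def run_samples():
    return [classify(s, TRUSTED) for s in SAMPLES]
```

A "binding-conflict" verdict for the gateway address is the event that periodic sending from the real gateway is meant to correct on the hosts, so it is worth logging even when the hosts recover on their own.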

Configuring proxy ARP

Overview

Proxy ARP enables a device on a network to answer ARP requests for an IP address not on that network. With proxy ARP, hosts on different broadcast domains can communicate with each other as they do on the same network.

Proxy ARP includes common proxy ARP and local proxy ARP.
• Common proxy ARP—Allows communication between hosts that connect to different Layer-3 interfaces and reside in different broadcast domains.
• Local proxy ARP—Allows communication between hosts that connect to the same Layer-3 interface and reside in different broadcast domains.

Common proxy ARP

A proxy ARP enabled device allows hosts that reside on different subnets to communicate.

As shown in Figure 6, Switch connects to two subnets through VLAN-interface 1 and VLAN-interface 2. The IP addresses of the two interfaces are 192.168.10.99/24 and 192.168.20.99/24. Host A and Host B are assigned the same prefix 192.168.0.0. Host A connects to VLAN-interface 1 and Host B connects to VLAN-interface 2.

Figure 6 Application environment of proxy ARP

Because Host A and Host B have the same prefix 192.168.0.0, Host A considers that Host B is on the same network, and it broadcasts an ARP request for the MAC address of Host B. However, Host B cannot receive this request because it is in a different broadcast domain.

You can enable proxy ARP on VLAN-interface 1 of the switch so that the switch can reply to the ARP request from Host A with the MAC address of VLAN-interface 1, and forward packets sent from Host A to Host B. In this case, the switch acts as a proxy of Host B.

A main advantage of proxy ARP is that you can enable it on a single switch without disturbing routing tables of other routers in the network. Proxy ARP acts as the gateway for hosts that are not configured with a default gateway or do not have routing capability.

Local proxy ARP

As shown in Figure 7, Host A and Host B belong to VLAN 2, but are isolated at Layer 2. Host A connects to GigabitEthernet 1/0/3 while Host B connects to GigabitEthernet 1/0/1. Enable local proxy ARP on Switch A to allow Layer 3 communication between the two hosts.

Figure 7 Application environment of local proxy ARP

Enable local proxy ARP in one of the following cases:
• Hosts connecting to different isolated Layer 2 ports in the same VLAN need to communicate at Layer 3.
• If a super VLAN is configured, hosts in different sub VLANs of the super VLAN need to communicate at Layer 3.
• If an isolate-user-VLAN is configured, hosts in different secondary VLANs of the isolate-user-VLAN need to communicate at Layer 3.

Enabling common proxy ARP

To enable common proxy ARP in VLAN interface view/Layer 3 Ethernet port view/Layer 3 aggregate interface view:

Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Enter interface view. | interface interface-type interface-number | N/A
3. Enable proxy ARP. | proxy-arp enable | Disabled by default

Enabling local proxy ARP

To enable local proxy ARP in VLAN interface view/Layer 3 Ethernet port view/Layer 3 aggregate interface view:

Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Enter interface view. | interface interface-type interface-number | N/A
3. Enable local proxy ARP. | local-proxy-arp enable [ ip-range startIP to endIP ] | Disabled by default
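
The following Python model is an added example, not HP code and not the switch's actual implementation. It reproduces the two decisions this section describes: whether a host ARPs directly for a destination, and whether the switch answers on the destination's behalf under proxy-arp enable or local-proxy-arp enable, including the effect of the optional ip-range limit. Addresses are those used in this guide's proxy ARP examples; the class and function names and the reachability rule (a target counts as reachable when it lies in a directly connected subnet) are assumptions of the model.

```python
import ipaddress

class L3Interface:
    """One Layer 3 interface with the two proxy ARP settings from this section."""
    def __init__(self, name, cidr, proxy_arp=False, local_proxy_arp=False, ip_range=None):
        self.name = name
        self.addr = ipaddress.ip_interface(cidr)
        self.proxy_arp = proxy_arp              # proxy-arp enable
        self.local_proxy_arp = local_proxy_arp  # local-proxy-arp enable
        # Optional (startIP, endIP) limit, as in "ip-range startIP to endIP".
        self.ip_range = tuple(map(ipaddress.ip_address, ip_range)) if ip_range else None

def host_arps_directly(host_cidr, dst_ip):
    """True if the host treats dst_ip as on-link and ARPs for it, not for a gateway."""
    return ipaddress.ip_address(dst_ip) in ipaddress.ip_interface(host_cidr).network

def arp_reply_reason(ifaces, rx, target_ip):
    """Why the switch answers an ARP request received on rx, or None if it stays silent.

    Model assumption: a target is reachable when it lies in a directly
    connected subnet of one of the switch's interfaces.
    """
    target = ipaddress.ip_address(target_ip)
    if target == rx.addr.ip:
        return "own-address"
    out = next((i for i in ifaces if target in i.addr.network), None)
    if out is None:
        return None
    if out is not rx:  # target sits behind a different Layer 3 interface
        return "proxy-arp" if rx.proxy_arp else None
    if rx.local_proxy_arp:  # target sits behind the receiving interface itself
        if rx.ip_range is None or rx.ip_range[0] <= target <= rx.ip_range[1]:
            return "local-proxy-arp"
    return None

def common_case(enabled):
    """Host on VLAN-interface 1 asks for 192.168.20.200, which is behind VLAN-interface 2."""
    v1 = L3Interface("Vlan-interface1", "192.168.10.99/24", proxy_arp=enabled)
    v2 = L3Interface("Vlan-interface2", "192.168.20.99/24", proxy_arp=enabled)
    return arp_reply_reason([v1, v2], v1, "192.168.20.200")

def local_case(ip_range=None):
    """Isolated host asks for 192.168.10.200 behind the same VLAN-interface 2."""
    v2 = L3Interface("Vlan-interface2", "192.168.10.100/16",
                     local_proxy_arp=True, ip_range=ip_range)
    return arp_reply_reason([v2], v2, "192.168.10.200")
```

The local case shows why local proxy ARP deserves review wherever port isolation is used as a control: hosts isolated at Layer 2 become reachable through the switch at Layer 3, and ip-range is the setting that narrows which targets the switch will answer for.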

Displaying and maintaining proxy ARP

Task | Command | Remarks
Display whether proxy ARP is enabled. | display proxy-arp [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] | Available in any view
Display whether local proxy ARP is enabled. | display local-proxy-arp [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] | Available in any view

Proxy ARP configuration examples

Common proxy ARP configuration example

Network requirements

As shown in Figure 8, Host A and Host D have the same IP prefix and mask (IP addresses of Host A and Host D are 192.168.10.100/16 and 192.168.20.200/16 respectively), but they are located on different subnets separated by the switch (Host A belongs to VLAN 1 while Host D belongs to VLAN 2). As a result, Host D cannot receive or respond to any ARP request from Host A. You must configure proxy ARP on the switch to enable communication between the two hosts.

Figure 8 Network diagram

Configuration procedure

# Create VLAN 2.
system-view
[Switch] vlan 2
[Switch-vlan2] quit
# Specify the IP address of interface VLAN-interface 1.
[Switch] interface vlan-interface 1
[Switch-Vlan-interface1] ip address 192.168.10.99 255.255.255.0
# Enable proxy ARP on interface VLAN-interface 1.
[Switch-Vlan-interface1] proxy-arp enable
[Switch-Vlan-interface1] quit
# Specify the IP address of interface VLAN-interface 2.
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ip address 192.168.20.99 255.255.255.0
# Enable proxy ARP on interface VLAN-interface 2.
[Switch-Vlan-interface2] proxy-arp enable

After completing preceding configurations, use the ping command to verify the connectivity between Host A and Host D.

Local proxy ARP configuration example in case of port isolation

Network requirements

As shown in Figure 9, Host A and Host B belong to the same VLAN, and connect to Switch B via GigabitEthernet 1/0/3 and GigabitEthernet 1/0/1 respectively. Switch B connects to Switch A via GigabitEthernet 1/0/2.

Configure port isolation on GigabitEthernet 1/0/3 and GigabitEthernet 1/0/1 of Switch B to isolate Host A from Host B at Layer 2. Enable local proxy ARP on Switch A to allow communication between Host A and Host B at Layer 3.

Figure 9 Network diagram (Switch A: GE1/0/2 in VLAN 2, Vlan-int2 192.168.10.100/16; Switch B: GE1/0/2 uplink, GE1/0/3 to Host A 192.168.10.99/16, GE1/0/1 to Host B 192.168.10.200/16, VLAN 2, port-isolate group)

Configuration procedure

1. Configure Switch B:
# Add GigabitEthernet 1/0/3, GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to VLAN 2. Configure port isolation on Host A and Host B.
system-view
[SwitchB] vlan 2
[SwitchB-vlan2] port GigabitEthernet 1/0/3
[SwitchB-vlan2] port GigabitEthernet 1/0/1
[SwitchB-vlan2] port GigabitEthernet 1/0/2
[SwitchB-vlan2] quit
[SwitchB] interface GigabitEthernet 1/0/3
[SwitchB-GigabitEthernet1/0/3] port-isolate enable
[SwitchB-GigabitEthernet1/0/3] quit
[SwitchB] interface GigabitEthernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] port-isolate enable
[SwitchB-GigabitEthernet1/0/1] quit

2. Configure Switch A:
# Create VLAN 2, and add GigabitEthernet 1/0/2 to VLAN 2.
system-view
[SwitchA] vlan 2
[SwitchA-vlan2] port GigabitEthernet 1/0/2
[SwitchA-vlan2] quit
[SwitchA] interface vlan-interface 2
[SwitchA-Vlan-interface2] ip address 192.168.10.100 255.255.0.0

From Host A, ping Host B. The ping operation is unsuccessful because they are isolated at Layer 2.

# Configure local proxy ARP to allow communication between Host A and Host B at Layer 3.
[SwitchA-Vlan-interface2] local-proxy-arp enable

From Host A, ping Host B. The ping operation is successful after the configuration.

Local proxy ARP configuration example in super VLAN (only available on the HP 5500 EI)

Network requirements

Figure 10 shows a super VLAN, VLAN 10, with the interface IP address 192.168.10.100/16 and sub-VLANs (VLAN 2 and VLAN 3). GigabitEthernet 1/0/2 belongs to VLAN 2 and GigabitEthernet 1/0/1 belongs to VLAN 3. Host A belongs to VLAN 2 and connects to GigabitEthernet 1/0/2 of the switch. Host B belongs to VLAN 3 and connects to GigabitEthernet 1/0/1 of the switch.

As Host A and Host B belong to different Sub-VLANs, they are isolated at Layer 2. Configure local proxy ARP on the switch to allow Layer 3 communication between Host A and Host B.

Figure 10 Network diagram (Switch: super VLAN 10, Vlan-int10 192.168.10.100/16; GE1/0/2 in sub-VLAN 2 to Host A 192.168.10.99/16; GE1/0/1 in sub-VLAN 3 to Host B 192.168.10.200/16)

Configuration procedure

# Create the super VLAN and the sub-VLANs. Add GigabitEthernet 1/0/2 to VLAN 2 and GigabitEthernet 1/0/1 to VLAN 3. Configure the IP address 192.168.10.100/16 for the interface of VLAN 10.
system-view
[Switch] vlan 2
[Switch-vlan2] port GigabitEthernet 1/0/2
[Switch-vlan2] quit
[Switch] vlan 3
[Switch-vlan3] port GigabitEthernet 1/0/1
[Switch-vlan3] quit
[Switch] vlan 10
[Switch-vlan10] supervlan
[Switch-vlan10] subvlan 2 3
[Switch-vlan10] quit
[Switch] interface vlan-interface 10
[Switch-Vlan-interface10] ip address 192.168.10.100 255.255.0.0

From Host A, ping Host B. The ping operation is unsuccessful because they are isolated at Layer 2.

# Configure local proxy ARP to implement Layer 3 communication between sub-VLANs.
[Switch-Vlan-interface10] local-proxy-arp enable

From Host A, ping Host B. The ping operation is successful after the configuration.

Local proxy ARP configuration example in isolate-user-VLAN

Network requirements

As shown in Figure 11, Switch B is attached to Switch A. VLAN 5 on Switch B is an isolate-user-VLAN, which includes uplink port GigabitEthernet 1/0/2 and two secondary VLANs, VLAN 2 and VLAN 3. GigabitEthernet 1/0/3 belongs to VLAN 2, and GigabitEthernet 1/0/1 belongs to VLAN 3. Host A belongs to VLAN 2 and connects to GigabitEthernet 1/0/3 of Switch B. Host B belongs to VLAN 3 and connects to GigabitEthernet 1/0/1 of Switch B.

As Host A and Host B belong to different secondary VLANs, they are isolated at Layer 2. Configure local proxy ARP on Switch A to implement Layer 3 communication between Host A and Host B.