HP A 5120 Manual

Here you can view all the pages of manual HP A 5120 Manual. The HP manuals for Switch are available online for free. You can easily download all the documents as PDF.

Overview View all the pages Comments

Page 261

 
251 
Figure 76 Network diagram for excluded port application in IP source guard global static binding 
 
 
 NOTE: 
After you configure IPv4 or IPv6 global static binding entries on a switch, configure the uplink port of 
the switch as an excluded port of global static binding to ensure packet forwarding between VLANs.  
Dynamic IP source guard binding 
Dynamic  IP  source  guard entries  are  generated  dynamically  according  to client  entries  on  the  DHCP 
snooping or DHCP relay agent device. They...

Page 262

 
252 
Configuring a static IPv4 source guard binding entry 
Follow these steps to configure a global static IPv4 source guard entry: 
To do… Use the command… Remarks 
Enter system view system-view — 
Configure a global static IPv4 
source guard binding entry 
user-bind ip-address ip-address mac-
address mac-address 
Required 
No global static binding 
entry exists by default. 
Enter Layer 2 Ethernet port view interface interface-type interface-number — 
Specify the uplink port as an 
excluded port of...

Page 263

 
253 
 On a  VLAN interface, IP  source  guard cooperates with DHCP relay,  dynamically  obtains  the  DHCP 
relay  entries  generated during  dynamic  IP  address  allocation  across network  segments, and 
generates IP source guard entries accordingly. 
Dynamic IPv4 source guard entries can contain such information as the MAC address, IP address, VLAN 
tag,  ingress  port  information,  and  entry  type (DHCP  snooping  or  DHCP  relay),  where  the MAC  address, 
IP  address, or VLAN  tag...

Page 264

 
254 
To do… Use the command… Remarks 
Specify the uplink port as an 
excluded port of the global static 
binding entry 
user-bind uplink  
Optional 
By default, a port is not an 
excluded port. When you 
configure global static 
binding entries on a switch, 
specify the uplink port of 
the switch as an excluded 
port of the global static 
binding entries. 
 
Follow the steps to configure a port-based static IPv6 source guard binding entry: 
To do… Use the command… Remarks 
Enter system view system-view...

Page 265

 
255 
To do… Use the command… Remarks 
Enter system view system-view — 
Enter interface view interface interface-type interface-
number — 
Configure dynamic IPv6 source 
guard binding function 
ip check source ipv6 { ip-address 
| ip-address mac-address | mac-
address } 
Required 
Not configured by default 
 
 NOTE: 
 To implement dynamic IPv6 source guard binding, make sure that DHCPv6 snooping or ND snooping is 
configured and works normally. For DHCPv6 and ND snooping configuration information, see...

Page 266

 
256 
IP source guard configuration examples 
Static IPv4 source guard binding entry configuration example 
Network requirements 
As  shown  in Figure  77,  Host  A  and  Host  B  are  connected to ports GigabitEthernet  1/0/2 and 
GigabitEthernet  1/0/1  of Device B  respectively,  Host  C  is  connected  to  port GigabitEthernet  1/0/2 of 
Device A, and Device B is connected to port GigabitEthernet 1/0/1 of Device A. 
Configure  static  IPv4  source  guard  binding  entries  on  Device  A  and  Device...

Page 267

 
257 
#  Configure  port GigabitEthernet  1/0/2 of Device B  to  allow  only  IP  packets  with  the  source  MAC 
address of 0001-0203-0406 and the source IP address of 192.168.0.1 to pass. 
 system-view 
[DeviceB] interface gigabitethernet 1/2 
[DeviceB-GigabitEthernet1/0/2]  user-bind  ip-address 192.168.0.1 mac-address 0001-0203-
0406 
[DeviceB-GigabitEthernet1/0/2] quit 
#  Configure  port GigabitEthernet  1/0/1  of Device B  to  allow  only  IP  packets  with  the  source  MAC 
address of...

Page 268

 
258 
Figure 78 Network diagram for configuring global static binding excluded port 
 
Configuration procedure 
Configure Device B 
# Create VLAN 10, and add port GigabitEthernet 1/0/2 to VLAN 10. 
 system-view 
[DeviceB] vlan 10 
[DeviceB-vlan10] port gigabitethernet 1/0/2 
[DeviceB-vlan10] quit 
# Create VLAN 20, and add port GigabitEthernet 1/0/3 to VLAN 20. 
[DeviceB] vlan 20 
[DeviceB-vlan20] port gigabitethernet 1/0/3 
[DeviceB-vlan20] quit 
#  Specify  port  GigabitEthernet 1/0/1  as  a  trunk...

Page 269

 
259 
[DeviceB] display user-bind 
Total entries found: 2 
 MAC Address       IP Address       VLAN   Interface            Type 
 0001-0203-0406    192.168.0.2      N/A    N/A                  Static 
 0001-0203-0407    192.168.1.2      N/A    N/A                  Static 
Host A and Host B can ping each other. 
Dynamic IPv4 source guard binding by DHCP snooping 
configuration example 
Network requirements 
As  shown  in Figure  79,  the  device connects to the  host (client) and  the  DHCP server...

Page 270

 
260 
[Device-GigabitEthernet1/0/1] quit 
Verification 
# Display the dynamic IPv4 source guard binding entries generated on port GigabitEthernet 1/0/1. 
[Device-GigabitEthernet1/0/1] display ip check source 
Total entries found: 1 
 MAC Address       IP Address       VLAN   Interface             Type 
 0001-0203-0406    192.168.0.1      1      GE1/0/1               DHCP-SNP 
#  Display  DHCP snooping  entries to  see  whether they  are consistent with  the  dynamic  entries  generated 
on...

Start reading HP A 5120 Manual

Related Manuals for HP A 5120 Manual

HP 18108 Instruction Manual
71 pages | HP Switch
HP A 5120 Manual
1464 pages | HP Switch

All HP manuals