R3303-HP HSR6800 Routers Security Configuration Guide

# Configure the upstream port as an ARP-trusted port (a port is an untrusted port by default).
[RouterB-vlan10] interface gigabitethernet 3/0/3
[RouterB-GigabitEthernet3/0/3] port link-mode bridge
[RouterB-GigabitEthernet3/0/3] arp detection trust
[RouterB-GigabitEthernet3/0/3] quit
After the configuration is complete, ARP packets received on interfaces GigabitEthernet
3/0/1 and GigabitEthernet 3/0/2 are checked against 802.1X entries.
User validity check and ARP packet validity check configuration example
Network requirements
As shown in Figure 141:
- Configure the DHCP server on Router A.
- Configure DHCP snooping on Router B.
- Configure a static IP source guard binding entry for Host B on Router B.
- Enable ARP detection and ARP packet validity check in VLAN 10.
Figure 141 Network diagram
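The following Python model is an added example, not part of the HP guide or the router's implementation. It shows how the requirements above combine into a forward/drop decision for each ARP packet on Router B. Assumptions: the port names, host IPs and MACs are constructed, the packet validity check is modelled as a single rule (ARP sender MAC must equal the Ethernet source MAC), and it is assumed to run before the user validity check.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    ip: str
    mac: str
    vlan: int
    source: str  # "static" (IP source guard) or "dhcp-snooping"

@dataclass(frozen=True)
class ArpFrame:
    port: str        # ingress port on Router B
    vlan: int
    eth_src: str     # source MAC in the Ethernet header
    sender_mac: str  # sender MAC in the ARP payload
    sender_ip: str   # sender IP in the ARP payload

# Constructed sample state; port names, host IPs and MACs are assumptions.
DETECTION_VLANS = {10}
TRUSTED_PORTS = {"uplink-to-RouterA"}
BINDINGS = [
    Binding("10.1.1.5", "00-01-02-03-04-05", 10, "dhcp-snooping"),  # Host A lease
    Binding("10.1.1.6", "00-01-02-03-04-06", 10, "static"),         # Host B
]

def arp_detect(frame, bindings=BINDINGS):
    """Return (verdict, reason) for one ARP frame."""
    if frame.vlan not in DETECTION_VLANS:
        return ("forward", "detection not enabled in VLAN")
    if frame.port in TRUSTED_PORTS:
        return ("forward", "ARP-trusted port")
    # Packet validity check (modelled rule: payload MAC must equal frame MAC).
    if frame.eth_src.lower() != frame.sender_mac.lower():
        return ("drop", "src-mac mismatch")
    # User validity check: sender IP/MAC/VLAN must match a binding entry.
    key = (frame.sender_ip, frame.sender_mac.lower(), frame.vlan)
    for b in bindings:
        if (b.ip, b.mac.lower(), b.vlan) == key:
            return ("forward", f"matched {b.source} entry")
    return ("drop", "no matching binding")

A, B = "00-01-02-03-04-05", "00-01-02-03-04-06"
SAMPLES = {  # constructed frames
    "host_a_ok": ArpFrame("port-hostA", 10, A, A, "10.1.1.5"),
    "host_a_claims_b_ip": ArpFrame("port-hostA", 10, A, A, "10.1.1.6"),
    "forged_payload_mac": ArpFrame("port-hostA", 10, A, B, "10.1.1.6"),
    "from_uplink": ArpFrame("uplink-to-RouterA", 10, "00-0a-0b-0c-0d-01", "00-0a-0b-0c-0d-01", "10.1.1.1"),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, arp_detect(frame))
```

The two dropped samples fail for different reasons. One carries a consistent MAC but an IP bound to another host, so it fails the user validity check. The other carries a payload MAC that differs from the frame's source MAC, so it fails the packet validity check.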
Configuration procedure
1. Add all ports on Router B to VLAN 10, and configure the IP address of VLAN-interface 10 on
Router A. (Details not shown.)
2. Configure Router A as a DHCP server:
<RouterA> system-view
[RouterA] dhcp enable
[RouterA] dhcp server ip-pool 0
[RouterA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0
3. Configure the DHCP client on Host A and Host B. (Details not shown.)
4. Configure Router B: