HP FlexFabric 11000 Switch Products : R211x-HP Flexfabric 11900 Security Configuration Guide : Page 8

vi

IP source guard configuration task list ······················································································································· 206

Configuring the IPv4 source guard function ·············································································································· 207

Enabling IPv4 source guard on an interface ···································································································· 207

Configuring a static IPv4 source guard binding entry····················································································· 208

Configuring the IPv6 source guard function ·············································································································· 209

Enabling IPv6 source guard on an interface ···································································································· 209

Configuring a static IPv6 source guard binding entry····················································································· 210

Displaying and maintaining IP source guard ············································································································ 210

IP source guard configuration examples ··················································································································· 211

Static IPv4 source guard configuration example ····························································································· 211

Dynamic IPv4 source guard using DHCP snooping configuration example ················································· 213

Dynamic IPv4 source guard using DHCP relay configuration example ························································ 214

Static IPv6 source guard configuration example ····························································································· 215

Configuring ARP attack protection ························································································································· 216

ARP attack protection configuration task list ············································································································· 216

Configuring unresolvable IP attack protection ·········································································································· 217

Configuring ARP source suppression ················································································································ 217

Enabling ARP blackhole routing ························································································································ 217

Displaying and maintaining unresolvable IP attack protection ······································································ 217

Configuration example ······································································································································· 218

Configuring ARP packet rate limit ······························································································································ 219

Configuration guidelines ···································································································································· 219

Configuration procedure ···································································································································· 219

Configuring source MAC-based ARP attack detection ···························································································· 219

Configuration procedure ···································································································································· 220

Displaying and maintaining source MAC-based ARP attack detection ························································· 220

Configuration example ······································································································································· 221

Configuring ARP packet source MAC consistency check ························································································ 222

Configuring ARP active acknowledgement ··············································································································· 222

Configuring authorized ARP ······································································································································· 222

Configuration procedure ···································································································································· 222

Configuration example (on a DHCP server) ····································································································· 223

Configuration example (on a DHCP relay agent) ···························································································· 224

Configuring ARP detection ·········································································································································· 225

Configuring user validity check ························································································································· 226

Configuring ARP packet validity check ············································································································· 226

Configuring ARP restricted forwarding ············································································································· 227

Displaying and maintaining ARP detection ······································································································ 227

User validity check and ARP packet validity check configuration example ·················································· 228

Configuring ARP automatic scanning and fixed ARP ······························································································· 229

Configuration guidelines ···································································································································· 229

Configuration procedure ···································································································································· 230

Configuring ARP gateway protection ························································································································ 230

Configuration guidelines ···································································································································· 230

Configuration procedure ···································································································································· 230

Configuration example ······································································································································· 231

Configuring ARP filtering ············································································································································· 231

Configuration guidelines ···································································································································· 232

Configuration procedure ···································································································································· 232

Configuration example ······································································································································· 232

Configuring uRPF ····················································································································································· 234

Overview ······································································································································································· 234

uRPF check modes ··············································································································································· 234