R21xx-HP FlexFabric 11900 Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP FlexFabric 11000 Switch Products

121

122

123

124

125

126

127

128

129

130

119

[SwitchA-Ten-GigabitEthernet1/0/2] quit

# Enable IPv4 source guard on port Ten-GigabitEthernet 1/0/1.

[SwitchA] interface ten-gigabitethernet 1/0/1

[SwitchA-Ten-GigabitEthernet1/0/1] ip verify source ip-address mac-address

# On Ten-GigabitEthernet 1/0/1, configure a static IPv4 source guard binding entry to allow only

IP packets with the source MAC address of 0001-0203-0406 and the source IP address of

192.168.0.1 to pass.

[SwitchA-Ten-GigabitEthernet1/0/1] ip source binding ip-address 192.168.0.1

mac-address 0001-0203-0406

[SwitchA-Ten-GigabitEthernet1/0/1] quit

2. Configure Switch B:

# Configure an IP address for each interface. (Details not shown.)

# Enable IPv4 source guard on port Ten-GigabitEthernet 1/0/2.

<SwitchB> system-view

[SwitchB] interface ten-gigabitethernet 1/0/2

[SwitchB-Ten-GigabitEthernet1/0/2] ip verify source ip-address mac-address

# On Ten-GigabitEthernet 1/0/2, configure a static IPv4 source guard binding entry to allow only

IP packets with the source MAC address of 0001-0203-0406 and the source IP address of

192.168.0.1 to pass.

[SwitchB-Ten-GigabitEthernet1/0/2] ip source binding ip-address 192.168.0.1

mac-address 0001-0203-0406

[SwitchB-Ten-GigabitEthernet1/0/2] quit

# Enable IPv4 source guard on port Ten-GigabitEthernet 1/0/1.

[SwitchB] interface ten-gigabitethernet 1/0/1

[SwitchB-Ten-GigabitEthernet1/0/1] ip verify source ip-address mac-address

# On Ten-GigabitEthernet 1/0/1, configure a static IPv4 source guard binding entry to allow only

IP packets with the source MAC address of 0001-0203-0407 and the source IP address of

192.168.0.2 to pass.

[SwitchB-Ten-GigabitEthernet1/0/1] ip source binding ip-address 192.168.0.2

mac-address 0001-0203-0407

[SwitchB-Ten-GigabitEthernet1/0/1] quit

3. Verify the configuration:

# Display static IPv4 source guard binding entries on Switch A. The output shows that the static

IPv4 source guard binding entries are configured successfully.

<SwitchA> display ip source binding static

Total entries found: 2

IP Address MAC Address Interface VLAN Type

192.168.0.1 0001-0203-0405 XGE1/0/2 N/A Static

192.168.0.3 0001-0203-0406 XGE1/0/1 N/A Static

# Display static IPv4 source guard binding entries on Switch B. The output shows that the static IPv4

source guard binding entries are configured successfully.

<SwitchB> display ip source binding static

Total entries found: 2

IP Address MAC Address Interface VLAN Type

192.168.0.1 0001-0203-0406 XGE1/0/2 N/A Static

192.168.0.2 0001-0203-0407 XGE1/0/1 N/A Static