R3102-R3103-HP 6600/HSR6600 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR6602-G Router

Configuring IP source guard ·································································································································· 499

Overview ······································································································································································· 499

Static IP source guard entries ····························································································································· 499

Dynamic IP source guard entries ······················································································································· 500

Configuring IPv4 source guard ··································································································································· 500

Enabling IPv4 source guard on a port ·············································································································· 500

Configuring a static IPv4 source guard entry ··································································································· 501

Setting the maximum number of IPv4 source guard entries ············································································ 502

Displaying and maintaining IP source guard ············································································································ 502

Static IPv4 source guard entry configuration example ···························································································· 503

Dynamic IPv4 source guard by DHCP snooping configuration example ······························································ 505

Dynamic IPv4 source guard by DHCP relay configuration example ······································································ 506

Troubleshooting IP source guard ································································································································ 507

Configuring ARP attack protection ························································································································· 508

ARP attack protection configuration task list ············································································································· 508

Configuring unresolvable IP attack protection ·········································································································· 509

Configuring ARP source suppression ················································································································ 509

Enabling ARP black hole routing ······················································································································· 509

Displaying and maintaining ARP source suppression ····················································································· 510

Configuration example ······································································································································· 510

Configuring ARP packet rate limit ······························································································································ 511

Configuring ARP packet source MAC consistency check ························································································ 511

Configuring ARP active acknowledgement ··············································································································· 512

Configuring authorized ARP ······································································································································· 512

Configuration example (on a DHCP server) ····································································································· 513

Authorized ARP configuration example (on a DHCP relay agent) ································································ 514

Configuring ARP detection ·········································································································································· 515

Configuring user validity check ························································································································· 516

Configuring ARP packet validity check ············································································································· 517

Configuring ARP restricted forwarding ············································································································· 517

Displaying and maintaining ARP detection ······································································································ 518

User validity check configuration example ······································································································· 518

User validity check and ARP packet validity check configuration example ·················································· 520

ARP restricted forwarding configuration example ··························································································· 521

Configuring ARP automatic scanning and fixed ARP ······························································································· 523

Configuration guidelines ···································································································································· 523

Configuration procedure ···································································································································· 524

Configuring ARP gateway protection ························································································································ 524

ARP gateway protection configuration example ······························································································ 525

Configuring ARP filtering ············································································································································· 525

ARP filtering configuration example ·················································································································· 526

Configuring ND attack defense ····························································································································· 527

Enabling source MAC consistency check for ND packets ······················································································· 528

Configuring URPF ···················································································································································· 529

URPF check modes ·············································································································································· 529

URPF features ······················································································································································· 529

URPF work flow ···················································································································································· 530

Network application ··········································································································································· 532

Configuring URPF on an interface ······························································································································ 532

URPF configuration example ······································································································································· 533