Manualshelf

R3303-HP 6600/HSR6600 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR6602-G Router
531532533534535536537538539540
523
Configure DHCP snooping on Router B.
Configure a static IP source guard binding entry for Host B on Router B.
Enable ARP detection and ARP packet validity check in VLAN 10.
Figure 252 Network diagram
Configuration procedure
1. Add all ports on Router B to VLAN 10, and configure the IP address of VLAN-interface 10 on
Router A. (Details not shown.)
2. Configure Router A as a DHCP server:
<RouterA> system-view
[RouterA] dhcp enable
[RouterA] dhcp server ip-pool 0
[RouterA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0
3. Configure the DHCP client on Host A and Host B. (Details not shown.)
4. Configure Router B:
# Enable DHCP snooping.
<RouterB> system-view
[RouterB] dhcp-snooping
[RouterB] interface gigabitethernet 3/0/3
[RouterB-GigabitEthernet3/0/3] port link-mode bridge
[RouterB-GigabitEthernet3/0/3] dhcp-snooping trust
[RouterB-GigabitEthernet3/0/3] quit
# Enable ARP detection for VLAN 10.
[RouterB] vlan 10
[RouterB-vlan10] arp detection enable
# Configure the upstream port as a trusted port (a port is an untrusted port by default).
[RouterB-vlan10] interface gigabitethernet 3/0/3
[RouterB-GigabitEthernet3/0/3] port link-mode bridge
[RouterB-GigabitEthernet3/0/3] arp detection trust
[RouterB-GigabitEthernet3/0/3] quit