Ip Source Guard Configuration Examples; Static Ipv4 Source Guard Entry Configuration Example - HP 12500 Series Configuration Manual

IP source guard configuration examples

IMPORTANT:
By default, Ethernet interfaces, VLAN interfaces, and aggregate interfaces are in DOWN state. To
configure such an interface, first use the undo shutdown command to bring the interface up.

Static IPv4 source guard entry configuration example

Network requirements
As shown in
GigabitEthernet 3/0/1 of Device B, respectively. Host C is connected to port GigabitEthernet 3/0/2 of
Device A. Device B is connected to port GigabitEthernet 3/0/1 of Device A. All hosts use static IP
addresses.
Configure static IPv4 source guard entries on Device A and Device B to meet the following requirements:
On port GigabitEthernet 3/0/2 of Device A, only IP packets from Host C can pass.
•
On port GigabitEthernet 3/0/1 of Device A, only IP packets from Host A can pass.
•
• On port GigabitEthernet 3/0/2 of Device B, only IP packets from Host A can pass.
On port GigabitEthernet 3/0/1 of Device B, only IP packets sourced from 192.168.0.2/24 can
•
pass. Host B can communicate with Host A by using this IP address even if it uses another network
adapter.
Figure 87 Network diagram
Configuration procedure
Configure Device A:
1.
# Configure the IPv4 source guard function on GigabitEthernet 3/0/2 to filter packets based on
both the source IP address and MAC address.
<DeviceA> system-view
[DeviceA] interface GigabitEthernet 3/0/2
[DeviceA-GigabitEthernet3/0/2] ip verify source ip-address mac-address
# Configure GigabitEthernet 3/0/2 to allow only IP packets with the source MAC address of
0001-0203-0405 and the source IP address of 192.168.0.3 to pass.
[DeviceA] interface GigabitEthernet 3/0/2
[DeviceA-GigabitEthernet3/0/2] ip source binding ip-address 192.168.0.3 mac-address
0001-0203-0405
Figure 87, Host A and Host B are connected to ports GigabitEthernet 3/0/2 and
257