Configure Host Guard Function
Configuration Condition
None
Configure Host Guard Group
Host guard group comprises a series of host guard group rules. We can configure the IP addresses of the gateway and important server in the network as the rules in the host guard group.
Table 10-2 Configure the host guard group
|
Step
|
Command
|
Description
|
|
Enter global configuration mode
|
configure terminal
|
-
|
|
Create the host guard group
|
host-guard group group-name
|
Mandatory
By default, do not create any host guard group.
|
|
Configure the host guard group rule
|
permit host ip-address
|
Mandatory
By default, do not configure host guard group rule.
|
-
Each host guard group supports 128 host guard group rules at most.
Configure Application of Host Guard Group
Apply the host guard group to the port. We can monitor the received ARP packets, realizing the protection for the ARP table.
Table 10-3 Configure the application of the host guard group
|
Step
|
Command
|
Description
|
|
Enter global configuration mode
|
configure terminal
|
-
|
|
Enter the L2 Ethernet interface configuration mode
|
interface interface-name
|
Either
After entering the L2 Ethernet interface configuration mode, the subsequent configuration just takes effect on the current port. After entering the aggregation group configuration mode, the subsequent configuration just takes effect on the aggregation group.
|
|
Enter the aggregation group configuration mode
|
interface link-aggregation link-aggregation-id
|
|
Configure the application of the host guard group
|
host-guard binding group-name
|
Mandatory
By default, there is no applied host guard group on the port or aggregation group.
|
Switch
.png){kind=icon}
.png){kind=logo}
