  • 1.  HP Procurve 2920 ARP-PROTECT Issue

    Posted May 10, 2017 04:43 AM

    Hi All,

    I am new to HP ProCurve switches; we have just bought 4 HP ProCurve J9727A switches. I've deployed dynamic VLANs with Active Directory and an NPS server, and also enabled DHCP Snooping. But now I have an issue with ARP-PROTECT: when I enable this feature, the network goes down.

    In my scenario I've the following VLANs.

     

    VLAN 1 (Default) for Wireless Users.

    VLAN 10 for Guest Network

    VLAN 11 for DMZ

    VLAN 12 for Servers

    VLAN 13 for MPLS for WAN

    VLAN 14 for Switches

    VLAN 15 for Voice / IP Phone

    VLAN 16 for Untrust Finger Print devices

    VLAN 17 through 22 for departments.

    My uplink ports are 23-24.

    Can anyone help me by giving commands to apply for maximum security?

     

    Thanks

    Regards

    Faisal



  • 2.  RE: HP Procurve 2920 ARP-PROTECT Issue

    Posted May 10, 2017 10:07 PM

    Did you configure ports 23-24 as trusted ports?

    Did you add in any non-DHCP IP addresses to the static bindings on each switch?

    Did you verify each switch's static bindings to see what is in them?



  • 3.  RE: HP Procurve 2920 ARP-PROTECT Issue

    Posted May 11, 2017 02:39 AM

    ++  Vince-Whirlwind

     

    Thanks for your kind reply. I can share the configurations with you if you can give me your email, or shall I send them to you in private?

    I did configure the trunk ports as trusted.

    There's no static binding for non-DHCP.

    I didn't verify the static bindings. I simply applied the following configuration on the switches. Also, DHCP Snooping is already enabled with the trusted ports.

    SW1
    arp-protect
    arp-protect trust 19,20-24
    arp-protect vlan 1-30

    SW2
    arp-protect
    arp-protect trust 22-24
    arp-protect vlan 1-30

    SW3
    arp-protect
    arp-protect trust 23-24
    arp-protect vlan 1-30

    SW4
    arp-protect
    arp-protect trust 23-24
    arp-protect vlan 1-30

    Please advise what further commands should be run.

    Regards.

    Faisal
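
The reasoning behind the three questions in reply 2, as an added example that is not part of the thread: a simplified Python model of which hosts lose connectivity once `arp-protect` is active. It assumes ARP on an untrusted port in a protected VLAN is forwarded only when its VLAN, IP and MAC match a binding; the host inventory, addresses and binding table are constructed, and only the SW3 lines come from the post.

```python
# Added example (not from the thread): simplified model of Dynamic ARP Protection.
# Assumption: untrusted-port ARP passes only if (vlan, ip, mac) is in the binding table.

def parse_ports(spec):
    """Expand a port or VLAN list such as '19,20-24' into a set of ints."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def parse_arp_protect(config):
    """Return (enabled, trusted_ports, protected_vlans) from arp-protect lines."""
    enabled, trusted, vlans = False, set(), set()
    for line in config.splitlines():
        words = line.split()
        if words[:1] != ["arp-protect"]:
            continue
        if len(words) == 1:
            enabled = True
        elif len(words) == 3 and words[1] == "trust":
            trusted |= parse_ports(words[2])
        elif len(words) == 3 and words[1] == "vlan":
            vlans |= parse_ports(words[2])
    return enabled, trusted, vlans

def dropped_hosts(config, hosts, bindings):
    """Names of hosts whose ARP packets would fail validation."""
    enabled, trusted, vlans = parse_arp_protect(config)
    if not enabled:
        return []
    return [name for name, port, vlan, ip, mac in hosts
            if port not in trusted and vlan in vlans
            and (vlan, ip, mac) not in bindings]

SW3_CONFIG = """arp-protect
arp-protect trust 23-24
arp-protect vlan 1-30"""  # SW3 lines as posted in the thread
# Constructed inventory: (name, port, vlan, ip, mac)
HOSTS = [
    ("pc-dhcp", 5, 17, "10.0.17.50", "00:00:5e:00:53:01"),
    ("file-server", 10, 12, "10.0.12.10", "00:00:5e:00:53:02"),         # static IP
    ("fingerprint-reader", 12, 16, "10.0.16.20", "00:00:5e:00:53:03"),  # static IP
    ("uplink-switch", 24, 14, "10.0.14.2", "00:00:5e:00:53:04"),        # trusted port
]
# Constructed binding table: only the DHCP client has a snooped lease.
BINDINGS = {(17, "10.0.17.50", "00:00:5e:00:53:01")}
print(dropped_hosts(SW3_CONFIG, HOSTS, BINDINGS))
```

With no static bindings, every statically addressed host on an untrusted port in VLANs 1-30 fails validation, which matches the outage described in the first post.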