Enabling Ip Source Guard; Configuring The Check Items Of Ip Packets - Huawei Quidway S9300 Configuration Manual
Terabit routing switch
Hide thumbs
Also See for Quidway S9300:
- Configuration manual - network management (630 pages) ,
- Configuration manual (603 pages) ,
- Configuration manual - multicast (262 pages)
Table of Contents
Advertisement
5 Source IP Attack Defense Configuration
Context
Before forwarding the data of the users who assigned IP addresses statically, the S9300 cannot
automatically learn the MAC addresses of the users or generate binding table entries for these
users. You need to create the binding table manually.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
user-bind static { [ ip-address ip-address | ipv6-address ipv6-address ] | mac-
address mac-address }
[ cevlan vlan-id ] ]
A static user binding entry is configured.
----End
5.3.3 Enabling IP Source Guard
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
This is a user-side interface. The interface can be an Ethernet interface, a GE interface, or an
Eth-Trunk interface.
Or, run:
vlan vlan-id
The VLAN view is displayed.
Step 3 Run:
ip source check user-bind enable
The IP source guard function is enabled on the interfaceor in a VLAN.
By default, the interfaces or interfaces in a VLANof an S9300 are not enabled with the IP source
guard function.
----End
5.3.4 Configuring the Check Items of IP Packets
5-6
*
[ interface interface-type interface-number | vlan vlan-id
*
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Quidway S9300 Terabit Routing Switch
Configuration Guide - Security
Issue 06 (2010–01–08)
Advertisement
Chapters
Table of Contents
