Ip Source; Ip Source Guard Overview; Configuring A Static Binding Entry - 3Com Switch 4800G 24-Port Configuration Manual

21
IP Source Guard
Overview
Configuring a Static
Binding Entry
IP S
OURCE
When configuring IP Source Guard, go to these sections for information you are
interested in:
"IP Source Guard Overview" on page 177
■
"Configuring a Static Binding Entry" on page 177
■
"Configuring Dynamic Binding Function" on page 178
■
"Displaying IP Source Guard" on page 178
■
"IP Source Guard Configuration Examples" on page 178
■
"Troubleshooting" on page 182
■
By filtering packets on a per-port basis, IP source guard prevents packets with
illegal IP addresses and MAC addresses from traveling through, improving the
network security. After receiving a packet, the port looks up the key attributes
(including IP address, MAC address and VLAN tag) of the packet in the binding
entries of the IP source guard. If there is a matching entry, the port will forward the
packet. Otherwise, the port will abandon the packet.
IP source guard filters packets based on the following types of binding entries:
IP-port binding entry
■
MAC-port binding entry
■
IP-MAC-port binding entry
■
You can manually set static binding entries, or use DHCP Snooping to provide
dynamic binding entries. Binding is on a per-port basis. After a binding entry is
configured on a port, it is effective only to the port, instead of other ports.
c
CAUTION: IP source guard and aggregation group configuration are mutually
exclusive.
Follow these steps to configure a static binding entry:
To do...
Enter system view
Enter interface view
G C
UARD ONFIGURATION
Use the command...
system-view
interface interface-type
interface-number
Remarks
-
-