Config Address_Binding Ip_Mac Ipaddress; To Configure Address Binding On The Switch; Config Address_Binding Ip_Mac Ports - D-Link xStack DGS-3400 Cli Manual

xStack

config address_binding ip_mac ipaddress

Purpose
Syntax
Description
Parameters
Restrictions
Example usage:

To configure address binding on the Switch:

D G S –3 4 26 :5 # c on f ig a d d re s s_ bi n d in g i p_ m a c i pa dd r e ss 10 .1 . 1 .3 ma c_ a d dr e ss 0 0 – 00 –
0 0 – 00 – 00 –0 5
C o m ma n d: c o n fi g a dd r e ss _ bi nd i n g i p_ ma c ip a dd re s s 1 0 .1 .1 . 3 m a c_ ad d r es s 0 0– 0 0 –0 0 –
0 0 – 00 – 05
S u c ce s s.
D G S –3 4 26 :5 #

config address_binding ip_mac ports

Purpose
Syntax
Description
®
DGS-3400 Series Layer 2 Gigabit Managed Switch CLI Manual
Used to configure an IP–MAC-Port Binding entry.
config address_binding ip_mac ipaddress <ipaddr> mac_address <macaddr>
{ports [<portlist> | all]}
This command is used to configure an IP–MAC-Port Binding entry.
<ipaddr> – The IP address of the device where the IP–MAC-Port binding is made.
<macaddr> – The MAC address of the device where the IP–MAC-Port binding is made.
ports [<portlist> | all] – Used to specify the ports where the IP–MAC-Port binding entry
applies. The port list is specified by listing the lowest switch number and the beginning
port number on that switch, separated by a colon. Then the highest switch number, and
the highest port number of the range (also separated by a colon) are specified. The
beginning and end of the port list range are separated by a dash. For example, 1:3
specifies switch number 1, port 3. 2:4 specifies switch number 2, port 4. 1:3–2:4
specifies all of the ports between switch 1, port 3 and switch 2, port 4 − in numerical
order. Non–contiguous portlist entries are separated by a comma. (ex: 1:1–1:3,1:7–1:9)
all – Specifies that all ports on the switch will be configured for address binding.
Only Administrator and Operator-level users can issue this command.
Used to configure IMPB settings for specified ports.
config address_binding ip_mac ports [ <portlist>| all ] {state [enable {[strict |
loose]} | disable] |allow_zeroip [enable | disable] |forward_dhcppkt [enable |
disable] |mode [arp | acl] |stop_learning_threshold <value 0-500>} (1)
This command is used to configure the per-port state of IP-MAC binding on the Switch. If
a port has been configured as a group member of an aggregated link, then it cannot
enable the IP-MAC binding function.
When IMPB is enabled on a port, IP packets and/or ARP packets received by this port will
be checked depending on the setting. The packet will be dropped if its IP-MAC pair does
not match the IMPB white list.
IMPB allows the user to choose either ARP or ACL mode. In ARP Mode, a switch
performs ARP Packet Inspection in which it checks the IP-MAC pairs in ARP packets with
the IMPB white list and denies unauthorized ones. An advantage of ARP mode is that it
does not consume any ACL rules on the Switch. Nonetheless, since the switch only
checks ARP packets, it cannot block unauthorized clients who do not send out ARP
packets. In ACL Mode, a switch performs IP Packet Inspection in addition to ARP Packet
Inspection. ACL rules will be used to permit statically configured IMPB entries and deny
other IP packets with the incorrect IP-MAC pairs. The distinct advantage of ACL Mode is
that it ensures better security by checking both ARP Packets and IP Packets. However,
doing so requires the use of ACL rules. ACL Mode can be viewed as an enhanced
version of ARP Mode because ARP Mode is enabled by default when ACL Mode is
selected.
There are also two port states: Strict and Loose, and only one state can be selected per
port. If a port is set to Strict state, all packets sent to the port are denied (dropped) by
default. The Switch will continuously compare all IP and ARP packets it receives on that
142