Configuring Ip Source Guard; Establishing The Configuration Task; Optional) Configuring A Static User Binding Entry - Huawei Quidway S9300 Configuration Manual

Quidway S9300 Terabit Routing Switch
Configuration Guide - Security
l

5.3 Configuring IP Source Guard

This section describes how to configure IP source guard.

5.3.1 Establishing the Configuration Task

5.3.2 (Optional) Configuring a Static User Binding Entry

5.3.3 Enabling IP Source Guard
5.3.4 Configuring the Check Items of IP Packets
5.3.5 Checking the Configuration
5.3.1 Establishing the Configuration Task
Applicable Environment
After the IP source guard function is configured on the S9300, the S9300 checks the IP packets
according to the binding table. Only the IP packets that match the content of the binding table
can be forwarded; the other IP packets are discarded.
Pre-configuration Tasks
Before configuring IP source guard, complete the following tasks:
l
Data Preparation
To configure IP source guard, you need the following data.
No.
1
2
5.3.2 (Optional) Configuring a Static User Binding Entry
Issue 06 (2010–01–08)
Loose check: Regardless whether the source addresses of packets exist in the FIB table of
the S9300, or whether the corresponding outbound interfaces match the inbound interfaces
of the packets, packets are forwarded.
NOTE
The S9300 supports the checking of the source IPv4 addresses and source IPv6 addresses of the packets
passing the inbound interface.
3.3.2 Enabling DHCP Snooping
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
5 Source IP Attack Defense Configuration
if there are DHCP users
Data
(Optional) User information in a static
binding entry, including the IPv4 or IPv6
address, MAC address, VLAN ID, and
interface number of the user
Type and number of the interface enabled
with the IP source guard function
5-5