Checking The Configuration - Huawei Quidway S9300 Configuration Manual

Quidway S9300 Terabit Routing Switch
Configuration Guide - Security
Context
After the function of checking IP packets is enabled, the S9300 checks the received IP packets
against the binding table. The check items include the source IPv4 address, source IPv6 address,
source MAC address, VLAN ID, and interface number.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
This is a user-side interface. The interface can be an Ethernet interface, a GE interface, or an
Eth-Trunk interface.
Or, run:
vlan vlan-id
The VLAN view is displayed.
Step 3 In the interface view, run:
ip source check user-bind check-item { [ ip-address | ipv6-address ] | mac-address
| vlan }
Or in the VLAN view, run:
ip source check user-bind check-item { [ ip-address | ipv6-address ] | mac-address
| interface }
The check items of IP packets are configured.
When receiving an IP packet, the interface checks the IP packet according to the check items,
including the source IPv4 or IPv6 address, source MAC address, VLAN, or the combination of
these three items. If the IP packet matches the binding table according to the check items, the
packet is forwarded; otherwise, the packet is discarded.
By default, the check items consist of the IPv4 address, IPv6 address, MAC address, VLAN ID,
and interface number.
----End

5.3.5 Checking the Configuration

Prerequisite
The configurations of IP source guard are complete.
Issue 06 (2010–01–08)
*
*
NOTE
This command is valid only for dynamic binding entries.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
5 Source IP Attack Defense Configuration
5-7