H3C S5600 SERIES Operation Manual page 671


Enable IP filtering on GigabitEthernet 1/0/2, GigabitEthernet 1/0/3, and GigabitEthernet 1/0/4 to
prevent clients from attacking the server with fake source IP addresses.
Create static binding entries on the switch so that Host A, which uses a fixed IP address, can access
external networks.
Network diagram
Figure 4-7 Network diagram for IP filtering configuration
[Figure labels: GE1/0/1; GE1/0/2; Host A (IP: 1.1.1.1, MAC: 0001-0001-0001)]
Configuration procedure
# Enable DHCP snooping on the switch.
<Switch> system-view
[Switch] dhcp-snooping
# Specify GigabitEthernet 1/0/1 as the trusted port.
[Switch] interface GigabitEthernet1/0/1
[Switch-GigabitEthernet1/0/1] dhcp-snooping trust
[Switch-GigabitEthernet1/0/1] quit
# Enable IP filtering on GigabitEthernet 1/0/2, GigabitEthernet 1/0/3, and GigabitEthernet 1/0/4 to filter
packets based on the source IP addresses/MAC addresses.
[Switch] interface GigabitEthernet1/0/2
[Switch-GigabitEthernet1/0/2] ip check source ip-address mac-address
[Switch-GigabitEthernet1/0/2] quit
[Switch] interface GigabitEthernet1/0/3
[Switch-GigabitEthernet1/0/3] ip check source ip-address mac-address
[Switch-GigabitEthernet1/0/3] quit
[Switch] interface GigabitEthernet1/0/4
[Switch-GigabitEthernet1/0/4] ip check source ip-address mac-address
[Switch-GigabitEthernet1/0/4] quit
# Create static binding entries on GigabitEthernet 1/0/2 of the switch.
[Switch] interface GigabitEthernet1/0/2
[Switch-GigabitEthernet1/0/2] ip source static binding ip-address 1.1.1.1 mac-address 0001-0001-0001
[Remaining Figure 4-7 labels: DHCP Server; Switch (DHCP Snooping); GE1/0/4; GE1/0/3; Client C; Client B]
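
Added example (not part of the H3C manual and not H3C code): a simplified Python model of the check applied by ip check source ip-address mac-address, showing why Host A needs the static binding. The lease 1.1.1.10 / 0002-0002-0002 on GE1/0/3 and all class and function names are constructed for illustration; the model assumes the filter matches source IP and MAC against the DHCP snooping entries and static bindings of the receiving port.

```python
# Added example: simplified model of the per-port source check (not H3C code).
from dataclasses import dataclass, field

def norm_mac(mac):
    """Reduce 0001-0001-0001 or 00:01:00:01:00:01 to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return digits

@dataclass
class Switch:
    trusted: set = field(default_factory=set)     # "dhcp-snooping trust" ports
    filtered: set = field(default_factory=set)    # "ip check source ..." ports
    bindings: dict = field(default_factory=dict)  # port -> {(ip, mac), ...}

    def bind(self, port, ip, mac):
        """Static entry, or a lease recorded by DHCP snooping."""
        self.bindings.setdefault(port, set()).add((ip, norm_mac(mac)))

    def snoop_ack(self, ingress, client_port, ip, mac):
        """Record a lease only if the server's ACK arrived on a trusted port."""
        if ingress not in self.trusted:
            return False
        self.bind(client_port, ip, mac)
        return True

    def permits(self, port, src_ip, src_mac):
        """Decision for a non-DHCP IP packet received on `port`."""
        if port not in self.filtered:
            return True
        return (src_ip, norm_mac(src_mac)) in self.bindings.get(port, set())

def page_scenario():
    """Ports as configured on the page; the client lease is constructed."""
    sw = Switch(trusted={"GE1/0/1"},
                filtered={"GE1/0/2", "GE1/0/3", "GE1/0/4"})
    sw.snoop_ack("GE1/0/1", "GE1/0/3", "1.1.1.10", "0002-0002-0002")
    return sw

if __name__ == "__main__":
    sw = page_scenario()
    host_a = ("GE1/0/2", "1.1.1.1", "0001-0001-0001")
    print("Host A before static binding:", sw.permits(*host_a))
    sw.bind(*host_a)
    print("Host A after static binding: ", sw.permits(*host_a))
    print("GE1/0/3 leased address:      ", sw.permits("GE1/0/3", "1.1.1.10", "0002-0002-0002"))
    print("GE1/0/3 using Host A's IP:   ", sw.permits("GE1/0/3", "1.1.1.1", "0002-0002-0002"))
```

Without the static entry, Host A has no DHCP snooping record, so the filter on GigabitEthernet 1/0/2 would drop its traffic along with any spoofed packets.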