Configuring The Dynamic Ip Source Guard Binding Function; Displaying And Maintaining Ip Source Guard - H3C S9500E Series Security Configuration Manual

Routing switches

Hide thumbs Also See for S9500E Series:

Configuration manual (459 pages)

Command reference manual (225 pages)

Installation manual (154 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

Table of Contents

Configuring the dynamic IP source guard

binding function

After the dynamic IP source guard binding function is enabled on a port, IP source guard will

obtain binding entries dynamically through cooperation with DHCP protocols.

•

Cooperating with DHCP snooping, IP source guard will automatically obtain the DHCP

snooping entries that are generated during dynamic IP address allocation on an Ethernet

port.

•

Cooperating with DHCP Relay, IP source guard will automatically obtain the DHCP Relay

entries that are generated during dynamic IP address allocation across network segments on

a VLAN interface.

Dynamic IP source guard entries can contain such information as MAC address, IP address, VLAN

tag, ingress port information, and entry type (DHCP snooping or DHCP relay). IP source guard

applies these binding entries to the port, so that the port can filter packets accordingly.

Follow these steps to configure the dynamic IP source guard binding function:

To do...

Enter system view

Enter interface view

Configure the dynamic IP

source guard binding function

The dynamic binding function can be configured on Ethernet interfaces and VLAN interfaces.

•

If you configure dynamic IP source guard binding on a port for multiple times, the last configuration will

•

overwrite the previous configuration on the port.

Displaying and maintaining IP source guard

To do...

Display information about static

IP source guard binding entries

Display information about

dynamic IP source guard

binding entries on a switch in

standalone mode

Display information about

dynamic IP source guard

binding entries on a switch in

IRF mode

Use the command...

system-view

interface interface-type interface-

number

ip check source { ip-address

| ip-address mac-address |

mac-address }

Use the command...

display user-bind [ interface interface-type

interface-number | ip-address ip-address |

mac-address mac-address ]

display ip check source [ interface

interface-type interface-number | ip-address

ip-address | mac-address mac-address ] [

slot slot-number ]

display ip check source [ interface

interface-type interface-number | ip-address

ip-address | mac-address mac-address ] [

chassis chassis-number slot slot-number ]

155

Remarks

—

Required

Not configured by default

Remarks

Available in any view

Table of Contents

Configuring The Dynamic Ip Source Guard Binding Function; Displaying And Maintaining Ip Source Guard - H3C S9500E Series Security Configuration Manual

Displaying and maintaining IP source guard

Troubleshooting

Related Manuals for H3C S9500E Series

Related Content for H3C S9500E Series

Table of Contents