Configuration Examples; Example For Configuring Ip Source Guard; Figure 3-2 Networking Diagram For Configuring Ip Source Guard - Huawei Quidway S9300 Configuration Manual

3 IP Source Guard Configuration
Example
After the configuration, run the display user-bind user-type static command, and you can view
information about the static binding table.
<Quidway> display user-bind user-type static
ifname
-------------------------------------------------------------------------------
GE1/0/0
-------------------------------------------------------------------------------
total count : 1
Run the display ip source check user-bind interface command, and you can view the
configuration of the IP source guard function on the interface.
<Quidway> display ip source check user-bind interface GigabitEthernet 1/0/0
ip source check user-bind enable
ip source check user-bind check-item ip-address

3.4 Configuration Examples

This section provides a configuration example of IP source guard.

3.4.1 Example for Configuring IP Source Guard

3.4.1 Example for Configuring IP Source Guard
Networking Requirements
As shown in
connected to the S9300 through GE 1/0/2. You need to configure the IP source guard function
on the S9300 so that Host B cannot forge the IP address and MAC address on Host A and the
IP packets from Host A can be sent to the server.

Figure 3-2 Networking diagram for configuring IP source guard

Host A
IP:10.0.0.1/24
MAC:1-1-1
3-6
p/cvlan tp lease
0100/0000 S
Figure 3-2, Host A is connected to the S9300through GE 1/0/1 and Host B is
Server
S9300
GE1/0/1 GE1/0/2
Host B
IP:10.0.0.2/24
MAC:2-2-2
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
mac-address
0 0001-0203-0406 010.000.000.001
Packets:
SIP:10.0.0.1/24
SMAC:2-2-2
(Attacker)
Quidway S9300 Terabit Routing Switch
Configuration Guide - Security
ip-address
vpn-instance
Issue 01 (2009-07-28)