Configuring Ip Source Guard; Establishing The Configuration Task - Huawei Quidway S3700 Series Configuration Manual

Quidway S3700 Series Ethernet Switches
Configuration Guide - Security
5 Source IP Attack Defense Configuration

IP Source Guard
The IP Source Guard feature is used to check the IP packets according to the binding table,
including source IP addresses, source MAC addresses, interface, and VLAN. For example, in
the interface view you can configure the IP packet check based on:
- IP+MAC
- IP+VLAN
- IP+MAC+VLAN
- ...
In the VLAN view you can configure the IP packet check based on:
- IP+MAC
- IP+Interface
- IP+MAC+Interface
- ...
The S3700 provides two binding mechanisms:
- After the DHCP snooping function is enabled for DHCP users, the binding table is
  dynamically generated for the DHCP users.
- When users use static IP addresses, you need to configure the binding table by running
  commands.
NOTE
For the configurations of DHCP snooping, see 3 DHCP Snooping Configuration.

5.3 Configuring IP Source Guard

This section describes how to configure IP source guard.

5.3.1 Establishing the Configuration Task

Applicable Environment
After the IP source guard function is configured on the S3700, the S3700 checks the IP packets
according to the binding table. Only the IP packets that match the content of the binding table
can be forwarded; the other IP packets are discarded.
Pre-configuration Tasks
Before configuring IP source guard, complete the following tasks:
- 3.3.2 Enabling DHCP Snooping if there are DHCP users
Data Preparation
To configure IP source guard, you need the following data.

Issue 01 (2011-07-15)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
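
The following Python model is an added example, not part of the Huawei manual and not device code. It illustrates the binding-table check described under Applicable Environment, showing which of the check-item combinations listed on this page discards a packet that differs from its binding in one field. The table entries, packets, interface names and function names are constructed, and the matching rule (forward if some entry agrees on every checked item) is a simplified assumption about the device's behaviour.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    ip: str
    mac: str
    interface: str
    vlan: int
    source: str  # "dhcp-snooping" (dynamic) or "static" (configured by command)

# Constructed binding table: one dynamically learned entry, one static entry.
BINDING_TABLE = [
    Binding("192.0.2.10", "00e0-fc00-0001", "Ethernet0/0/1", 10, "dhcp-snooping"),
    Binding("192.0.2.20", "00e0-fc00-0002", "Ethernet0/0/2", 10, "static"),
]

# Check-item combinations named on this page for each view.
INTERFACE_VIEW_ITEMS = [("ip", "mac"), ("ip", "vlan"), ("ip", "mac", "vlan")]
VLAN_VIEW_ITEMS = [("ip", "mac"), ("ip", "interface"), ("ip", "mac", "interface")]

def check_packet(packet, check_items, table=BINDING_TABLE):
    """Return 'forward' if some binding entry equals the packet on every
    checked field, otherwise 'discard' (simplified model, see lead-in)."""
    for entry in table:
        if all(getattr(entry, item) == packet[item] for item in check_items):
            return "forward"
    return "discard"

def evaluate(packet, combos):
    """Verdict for one packet under each check-item combination."""
    return {"+".join(c): check_packet(packet, c) for c in combos}

# Constructed packets, all received in VLAN 10.
LEGIT = {"ip": "192.0.2.10", "mac": "00e0-fc00-0001",
         "interface": "Ethernet0/0/1", "vlan": 10}
# Bound IP address arriving with a MAC address that is not in the binding.
WRONG_MAC = dict(LEGIT, mac="00e0-fc00-0099")
# Bound IP+MAC pair arriving on a port other than the bound one.
WRONG_PORT = dict(LEGIT, interface="Ethernet0/0/5")

if __name__ == "__main__":
    for name, pkt in [("legit", LEGIT), ("wrong_mac", WRONG_MAC),
                      ("wrong_port", WRONG_PORT)]:
        print(name, "interface view:", evaluate(pkt, INTERFACE_VIEW_ITEMS))
        print(name, "VLAN view:     ", evaluate(pkt, VLAN_VIEW_ITEMS))
```

In this model a check that omits the MAC address forwards the mismatched-MAC packet, and a VLAN-view check that omits the interface forwards the packet seen on the wrong port, so the check items should cover every field the binding is meant to enforce.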
