Configuring The Check Items Of Ip Packets - Huawei Quidway S3700 Series Configuration Manual
Hide thumbs
Also See for Quidway S3700 Series:
- Configuration manual (398 pages) ,
- Quick start manual (70 pages) ,
- Manual (69 pages)
Table of Contents
Advertisement
Quidway S3700 Series Ethernet Switches
Configuration Guide - Security
Or, run:
vlan vlan-id
The VLAN view is displayed.
Step 3 Run:
ip source check user-bind enable
The IP source guard function is enabled on the interface.
By default, the S3700 are not enabled with the IP source guard function.
----End
5.3.4 Configuring the Check Items of IP Packets
Context
After the function of checking IP packets is enabled, the S3700 checks the received IP packets
against the binding table. The check items include the source IPv4 address, source IPv6 address,
source MAC address, VLAN ID, and interface number.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
This is a user-side interface.
Or, run:
vlan vlan-id
The VLAN view is displayed.
Step 3 In the interface view, run:
ip source check user-bind check-item { ip-address | mac-address | vlan }
Or in the VLAN view, run:
ip source check user-bind check-item { ip-address | mac-address | interface }
The check items of IP packets are configured.
When receiving an IP packet, the interface checks the IP packet according to the check items,
including the source IPv4 address, source MAC address, VLAN, or the combination of these
three items. If the IP packet matches the binding table according to the check items, the packet
is forwarded; otherwise, the packet is discarded.
By default, the check items consist of the IPv4 address, IPv6 address, MAC address, VLAN ID,
and interface number.
Issue 01 (2011-07-15)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
5 Source IP Attack Defense Configuration
*
*
172
Advertisement
Table of Contents
