To implement dynamic binding in IP source guard, make sure that DHCP snooping or DHCP Relay
is configured and works normally. For DHCP configuration information, refer to DHCP
Configuration in the System Volume.
The dynamic binding function can be configured on Ethernet ports and VLAN interfaces.
A port takes only the latest dynamic binding entries configured on it.
Displaying and Maintaining IP Source Guard
To do...
Display information about static
binding entries
Display information about dynamic
binding entries
IP Source Guard Configuration Examples
Static Binding Entry Configuration Example
Network requirements
As shown in
Figure
GigabitEthernet 1/0/1 of Switch B respectively, Host C is connected to port GigabitEthernet 1/0/2 of
Switch A, and Switch B is connected to port GigabitEthernet 1/0/1 of Switch A.
Configure static binding entries on Switch A and Switch B to meet the following requirements:
On port GigabitEthernet 1/0/2 of Switch A, only IP packets from Host C can pass.
On port GigabitEthernet 1/0/1 of Switch A, only IP packets from Host A can pass.
On port GigabitEthernet 1/0/2 of Switch B, only IP packets from Host A can pass.
On port GigabitEthernet 1/0/1 of Switch B, only IP packets from Host B can pass.
Network diagram
Figure 1-1 Network diagram for configuring static binding entries
GE1/0/2
Switch B
Host A
IP: 192.168.0.1/24
MAC: 00-01-02-03-04-06
display user-bind [ interface interface-type
interface-number | ip-address ip-address |
mac-address mac-address ]
display ip check source [ interface
interface-type interface-number | ip-address
ip-address | mac-address mac-address ]
1-1, Host A and Host B are connected to ports GigabitEthernet 1/0/2 and
GE1/0/2
GE1/0/1
Switch A
GE1/0/1
Host B
IP: 192.168.0.2/24
MAC: 00-01-02-03-04-07
Use the command...
Host C
IP: 192.168.0.3/24
MAC : 00-01-02-03-04-05
1-3
Remarks
Available in any view
Available in any view