Table of Contents
Advertisement
Displaying and Maintaining IP Source Guard
To do...
Display information about static
binding entries
Display information about
dynamic binding entries
IP Source Guard Configuration Examples
Static Binding Entry Configuration Example
Network requirements
As shown in
Figure
GigabitEthernet 1/0/1 of Switch B respectively, Host C is connected to port GigabitEthernet 1/0/2 of
Switch A, and Switch B is connected to port GigabitEthernet 1/0/1 of Switch A.
Configure static binding entries on Switch A and Switch B to meet the following requirements:
On port GigabitEthernet 1/0/2 of Switch A, only IP packets from Host C can pass.
On port GigabitEthernet 1/0/1 of Switch A, only IP packets from Host A can pass.
On port GigabitEthernet 1/0/2 of Switch B, only IP packets from Host A can pass.
On port GigabitEthernet 1/0/1 of Switch B, only IP packets from Host B can pass.
Network diagram
Figure 7-1 Network diagram for configuring static binding entries
GE1/0/2
Switch B
Host A
IP: 192.168.0.1/24
MAC: 00-01-02-03-04-06
Configuration procedure
1)
Configure Switch A
# Configure the IP addresses of various interfaces (omitted).
# Configure port GigabitEthernet 1/0/2 of Switch A to allow only IP packets with the source MAC
address of 00-01-02-03-04-05 and the source IP address of 192.168.0.3 to pass.
<SwitchA> system-view
[SwitchA] interface gigabitethernet 1/0/2
display user-bind [ interface
interface-type interface-number |
ip-address ip-address | mac-address
mac-address ]
display ip check source [ interface
interface-type interface-number |
ip-address ip-address | mac-address
mac-address ]
7-1, Host A and Host B are connected to ports GigabitEthernet 1/0/2 and
GE1/0/2
GE1/0/1
Switch A
GE1/0/1
Host B
IP: 192.168.0.2/24
MAC: 00-01-02-03-04-07
Use the command...
Host C
IP: 192.168.0.3/24
MAC : 00-01-02-03-04-05
7-3
Remarks
Available in any
view
Available in any
view
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
