R3303-HP HSR6800 Routers Security Configuration Guide
28
Figure 134 Network diagram
Configuration procedure
1. Configure Router A:
# Enable IPv4 source guard on GigabitEthernet 3/0/2 to filter packets based on both the source
IP address and MAC address.
<RouterA> system-view
[RouterA] interface gigabitethernet 3/0/2
[RouterA-GigabitEthernet3/0/2] ip verify source ip-address mac-address
# Configure GigabitEthernet 3/0/2 to allow only IP packets with the source MAC address of
0001-0203-0405 and the source IP address of 192.168.0.3 to pass.
[RouterA] interface gigabitethernet 3/0/2
[RouterA-GigabitEthernet3/0/2] ip source binding ip-address 192.168.0.3 mac-address
0001-0203-0405
[RouterA-GigabitEthernet3/0/2] quit
# Enable IPv4 source guard on GigabitEthernet 3/0/1 to filter packets based on both the source
IP address and MAC address.
[RouterA] interface gigabitethernet 3/0/1
[RouterA-GigabitEthernet3/0/1] ip verify source ip-address mac-address
# Configure GigabitEthernet 3/0/1 to allow only IP packets with the source MAC address of
0001-0203-0406 and the source IP address of 192.168.0.1 to pass.
[RouterA-GigabitEthernet3/0/1] ip source binding ip-address 192.168.0.1 mac-address
0001-0203-0406
[RouterA-GigabitEthernet3/0/1] quit
2. Configure Router B:
# Enable IPv4 source guard on GigabitEthernet 3/0/2 to filter packets based on both the source
IP address and MAC address.
<RouterB> system-view
[RouterB] interface gigabitethernet 3/0/2
[RouterB-GigabitEthernet3/0/2] ip verify source ip-address mac-address
# Configure GigabitEthernet 3/0/2 to allow only IP packets with the source MAC address of
0001-0203-0406 and the source IP address of 192.168.0.1 to pass.
[RouterB-GigabitEthernet3/0/2] ip source binding ip-address 192.168.0.1 mac-address
0001-0203-0406
[RouterB-GigabitEthernet3/0/2] quit