Manualshelf

R21xx-HP FlexFabric 11900 Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP FlexFabric 11000 Switch Products
121122123124125126127128129130
118
Task Command
Display static IPv6 binding
entries (in standalone
mode).
display ipv6 source binding static [ ip-address ipv6-address ] [ mac-address
mac-address ] [ vlan vlan-id ] [ interface interface-type interface-number ] [ slot
slot-number ]
Display static IPv6 binding
entries (in IRF mode).
display ipv6 source binding static [ ip-address ipv6-address ] [ mac-address
mac-address ] [ vlan vlan-id ] [ interface interface-type interface-number ]
[ chassis chassis-number slot slot-number ]
Clear IPv6 binding entries. reset ipv6 source binding [ static [ ip-address ipv6-address ] ]
Static IPv4 source guard configuration example
Network requirements
As shown in Figure 40, all hosts use static IP addresses.
Configure static IPv4 source guard binding entries on Switch A and Switch B to meet the following
requirements:
On port Ten-GigabitEthernet 1/0/2 of Switch A, only IP packets from Host C can pass.
On port Ten-GigabitEthernet 1/0/1 of Switch A, only IP packets from Host A can pass.
On port Ten-GigabitEthernet 1/0/2 of Switch B, only IP packets from Host A can pass.
On port Ten-GigabitEthernet 1/0/1 of Switch B, only IP packets from Host B can pass.
Figure 40 Network diagram
Configuration procedure
1. Configure Switch A:
# Configure IP addresses for the interfaces. (Details not shown.)
# Enable IPv4 source guard on port Ten-GigabitEthernet 1/0/2.
<SwitchA> system-view
[SwitchA] interface ten-gigabitethernet 1/0/2
[SwitchA-Ten-GigabitEthernet1/0/2] ip verify source ip-address mac-address
# On Ten-GigabitEthernet 1/0/2, configure a static IPv4 source guard binding entry to allow only
IP packets with the source MAC address of 0001-0203-0405 and the source IP address of
192.168.0.3 to pass.
[SwitchA-Ten-GigabitEthernet1/0/2] ip source binding ip-address 192.168.0.3
mac-address 0001-0203-0405