R2511-HP MSR Router Series Security Configuration Guide(V5)
417
To configure the maximum number of IPv4 binding entries allowed on a port:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter interface view.
interface interface-type
interface-number
N/A
3. Configure the maximum
number of IPv4 binding
entries allowed on the port.
ip verify source max-entries
number
Optional.
Displaying and maintaining IP source guard
Task Command
Remarks
Display static IP source guard
binding entries.
display ip source binding static [ interface
interface-type interface-number |
ip-address ip-address | mac-address
mac-address ] [ | { begin | exclude |
include } regular-expression ]
Available in any view.
Display IP source guard binding
entries.
display ip source binding [ interface
interface-type interface-number |
ip-address ip-address | mac-address
mac-address ] [ | { begin | exclude |
include } regular-expression ]
Available in any view.
Static IPv4 source guard binding entry
configuration example
Network requirements
As shown in Figure 137, Host A and Host B are connected to ports Ethernet 1/2 and Ethernet 1/1 of
Device B respectively, Host C is connected to port Ethernet 1/2 of Device A, and Device B is connected
to port Ethernet 1/1 of Device A. All hosts use static IP addresses.
Configure static IPv4 source guard binding entries on Device A and Device B to meet the following
requirements:
• On port Ethernet 1/2 of Device A, only IP packets from Host C can pass.
• On port Ethernet 1/1 of Device A, only IP packets from Host A can pass.
• On port Ethernet 1/2 of Device B, only IP packets from Host A can pass.
• On port Ethernet 1/1 of Device B, only IP packets sourced from 192.168.0.2/24 can pass. Host B
can communicate with Host A by using this IP address even if it uses another network adapter.