Manualshelf

H3C S7500E Series Ethernet Switches Operation Manual

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module
191192193194195196197198199200
Operation Manual – IP Source Guard
H3C S7500E Series Ethernet Switches Chapter 1 IP Source Guard Configuration
1-5
[SwitchB-Ethernet2/0/1] user-bind ip-address 192.168.0.1 mac-address
0001-0203-0406
[SwitchA-Ethernet2/0/1] quit
# Configure port Ethernet 2/0/2 of Switch B to allow only IP packets with the source
MAC address of 00-01-02-03-04-07 and the source IP address of 192.168.0.2 to pass.
[SwitchB] interface ethernet 2/0/2
[SwitchB-Ethernet2/0/2] user-bind ip-address 192.168.0.2 mac-address
0001-0203-0407
3) Verify the configuration
# On Switch A, static binding entries are configured successfully.
<SwitchA> display user-bind
The following user address bindings have been configured:
MAC IP Vlan Port Status
0001-0203-0405 192.168.0.3 N/A Ethernet2/0/2 Static
0001-0203-0406 192.168.0.1 N/A Ethernet2/0/1 Static
------------------2 binding entries queried, 2 listed------------------
# On Switch B, static binding entries are configured successfully.
<SwitchB> display user-bind
The following user address bindings have been configured:
MAC IP Vlan Port Status
0001-0203-0406 192.168.0.1 N/A Ethernet2/0/1 Static
0001-0203-0407 192.168.0.2 N/A Ethernet2/0/2 Static
------------------2 binding entries queried, 2 listed------------------
1.5.2 Dynamic binding Configuration Example
I. Network requirements
Switch A connects to Client A and the DHCP Server through Ethernet 2/0/1 and
Ethernet 2/0/2 respectively. DHCP Snooping is enabled on Switch A.
Detailed requirements are as follows:
z Client A with the MAC address of 00-01-02-03-04-06 obtains an IP address
through the DHCP Server.
z On Switch A, create the DHCP Snooping entry of Client A.
z Enable IP filtering on port Ethernet 2/0/1 of Switch A to prevent attacks from clients
using fake source IP addresses to the DHCP server.