Operation Manual – IP Source Guard
H3C S3610&S5510 Series Ethernet Switches
Chapter 1 IP Source Guard Configuration
1-2
To do…
Use the command…
Remarks
Configure a static binding
entry
user-bind ip-address
ip-address
[
mac-address
mac-address
Required
No static binding entry
exists by default.
Note:
z
The system does not support repeatedly binding a binding entry to one port. A
binding entry can be configured to multiple ports
z
In a valid binding entry, the MAC address cannot be all 0s, all Fs (a broadcast
address), or a multicast address, and the IP address can only be a Class A, Class B,
or Class C address and can be neither 127.x.x.x nor 0.0.0.0.
1.3 Configuring Port Filtering
Port filtering allows IP source guard to filter packets based on the MAC-IP-port binding
entries created and maintained by DHCP snooping.
Follow these steps to configure port filtering:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter interface view
interface interface-type
interface-number
—
Configure port
filtering
ip check source ip-address
[
mac-address
]
Required
Not configured by default
1.4 Displaying IP Source Guard
To do…
Use the command…
Remarks
Display information
about static binding
entries
display user-bind
[
interface
interface-type interface-number
|
ip-address ip-address
|
mac-address mac-address
]
Available in any view
Display information
about dynamic
binding entries
display ip check source
[
interface
interface-type interface-number
|
ip-address ip-address
|
mac-address mac-address
]
Available in any view