Operation Manual – IP Source Guard
H3C S3610&S5510 Series Ethernet Switches
Chapter 1 IP Source Guard Configuration
1-3
1.5 IP Source Guard Configuration Examples
1.5.1 Static Binding Entry Configuration Example
I. Network requirements
As shown in
, switches A and B and Hosts A, B and C are on an Ethernet.
Host A and Host B are connected to ports Ethernet 1/0/1 and Ethernet 1/0/2 of Switch B
respectively, Host C is connected to port Ethernet 1/0/1 of Switch A, while Switch B is
connected to port Ethernet 1/0/2 of Switch A.
Detailed requirements are as follows:
z
On port Ethernet 1/0/2 of Switch A, only IP packets with the source MAC address
of 00-01-02-03-04-05 and the source IP address of 192.168.0.3 can pass.
z
On port Ethernet 1/0/1 of Switch A, only IP packets with the source MAC address
of 00-01-02-03-04-06 and the source IP address of 192.168.0.1 can pass.
z
On port Ethernet 1/0/1 of Switch B, only IP packets with the source MAC address
of 00-01-02-03-04-06 and the source IP address of 192.168.0.1 can pass.
z
On port Ethernet 1/0/2 of Switch B, only IP packets with the source MAC address
of 00-01-02-03-04-07 and the source IP address of 192.168.0.2 can pass.
II. Network diagram
Figure 1-1
Network diagram for configuring static binding entries
III. Configuration procedure
1)
Configure Switch A
# Configure the IP addresses of various interfaces (omitted).
# Configure port Ethernet 1/0/2 of Switch A to allow only IP packets with the source
MAC address of 00-01-02-03-04-05 and the source IP address of 192.168.0.3 to pass.
<SwitchA> system-view