1-3
Displaying and Maintaining IP Source Guard
To do…
Use the command…
Remarks
Display information about static
binding entries
display user-bind
[
interface
interface-type interface-number
|
ip-address ip-address
|
mac-address
mac-address
]
Available in any
view
Display information about
dynamic binding entries
display ip check source
[
interface
interface-type interface-number
|
ip-address ip-address
|
mac-address
mac-address
]
Available in any
view
IP Source Guard Configuration Examples
Static Binding Entry Configuration Example
Network requirements
As shown in
, Host A and Host B are connected to ports GigabitEthernet 1/0/2 and
GigabitEthernet 1/0/1 of Switch B respectively, Host C is connected to port GigabitEthernet 1/0/2 of
Switch A, and Switch B is connected to port GigabitEthernet 1/0/1 of Switch A.
Configure static binding entries on Switch A and Switch B to meet the following requirements:
z
On port GigabitEthernet 1/0/2 of Switch A, only IP packets from Host C can pass.
z
On port GigabitEthernet 1/0/1 of Switch A, only IP packets from Host A can pass.
z
On port GigabitEthernet 1/0/2 of Switch B, only IP packets from Host A can pass.
z
On port GigabitEthernet 1/0/1 of Switch B, only IP packets from Host B can pass.
Network diagram
Figure 1-1
Network diagram for configuring static binding entries
IP: 192.168.0.3/24
MAC : 00-01-02-03-04-05
IP: 192.168.0.1/24
MAC: 00-01-02-03-04-06
Host A
IP: 192.168.0.2/24
MAC: 00-01-02-03-04-07
Host B
Host C
GE1/0/2
GE1/0/1
GE1/0/2
GE1/0/1
Switch A
Switch B
Configuration procedure
1) Configure Switch A
# Configure the IP addresses of various interfaces (omitted).
# Configure port GigabitEthernet 1/0/2 of Switch A to allow only IP packets with the source MAC
address of 00-01-02-03-04-05 and the source IP address of 192.168.0.3 to pass.
<SwitchA> system-view
[SwitchA] interface gigabitethernet 1/0/2
Summary of Contents for S5500-SI Series
Page 161: ...3 10 GigabitEthernet1 0 1 2 MANUAL...
Page 220: ...1 7 Clearing ARP entries from the ARP table may cause communication failures...
Page 331: ...1 7 1 1 ms 1 ms 1 ms 1 1 6 1 2 1 ms 1 ms 1 ms 1 1 4 1 3 1 ms 1 ms 1 ms 1 1 2 2 Trace complete...
Page 493: ...2 8...
Page 1111: ...1 10 Installing patches Installation completed and patches will continue to run after reboot...