155
Configuring the dynamic IP source guard
binding function
After the dynamic IP source guard binding function is enabled on a port, IP source guard will
obtain binding entries dynamically through cooperation with DHCP protocols.
•
Cooperating with DHCP snooping, IP source guard will automatically obtain the DHCP
snooping entries that are generated during dynamic IP address allocation on an Ethernet
port.
•
Cooperating with DHCP Relay, IP source guard will automatically obtain the DHCP Relay
entries that are generated during dynamic IP address allocation across network segments on
a VLAN interface.
Dynamic IP source guard entries can contain such information as MAC address, IP address, VLAN
tag, ingress port information, and entry type (DHCP snooping or DHCP relay). IP source guard
applies these binding entries to the port, so that the port can filter packets accordingly.
Follow these steps to configure the dynamic IP source guard binding function:
To do…
Use the command…
Remarks
1.
Enter system view
system-view
—
2.
Enter interface view
interface
interface-type interface-
number
—
3.
Configure the dynamic IP
source guard binding function
ip check source
{
ip-address
|
ip-address
mac-address
|
mac-address
}
Required
Not configured by default
•
The dynamic binding function can be configured on Ethernet interfaces and VLAN interfaces.
•
If you configure dynamic IP source guard binding on a port for multiple times, the last configuration will
overwrite the previous configuration on the port.
Displaying and maintaining IP source guard
To do…
Use the command…
Remarks
1.
Display information about static
IP source guard binding entries
display user-bind
[
interface
interface-type
interface-number
|
ip-address
ip-address
|
mac-address
mac-address
]
Available in any view
2.
Display information about
dynamic IP source guard
binding entries on a switch in
standalone mode
display ip check source
[
interface
interface-type interface-number
|
ip-address
ip-address
|
mac-address
mac-address
] [
slot
slot-number
]
Available in any view
3.
Display information about
dynamic IP source guard
binding entries on a switch in
IRF mode
display ip check source
[
interface
interface-type interface-number |
ip-address
ip-address |
mac-address
mac-address
] [
chassis
chassis-number
slot
slot-number
]
Available in any view