xStack DES-3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual
325
config address_binding ip_mac ports
Purpose
Used to configure an IP-MAC state to enable or disable for specified ports.
Syntax
config address_binding ip_mac ports [<portlist> | all ] { state [enable
{[strict | loose]} | disable] | allow_zeroip [enable | disable] |
forward_dhcppkt [enable | disable]}
Description
This command is used to configure the per port state of IP-MAC binding or
configure a state which allows zero IP packets to bypass the switch or
configure a state which allows the forwarding of DHCP packets from the
switch.
Parameters
<portlist>
- Specifies a port or range of ports to be configured.
all
– Specifies that all ports on the switch will be configured for address
binding.
state
– configure the address binding port state to enable or disable. When
the state is enabled, the port will perform the binding check.
strict
- This mode provides a stricter method of control. If the user selects
this mode, all packets will be sent to the CPU, thus all packets will not be
forwarded by the hardware until the S/W learns the entries for the ports. The
port will check ARP packets and IP packets by IP-MAC-PORT Binding
entries. When the packet is found by the entry, the MAC address will be set
to dynamic. If the packet is not found by the entry, the MAC address will be
set to block and other packets will be dropped
.
The default mode is strict if
not specified. The ports with strict mode will capture unicast DHCP packets
through the ACL module. If configuring IP-MAC binding port enable in strict
mode when IP-MAC binding DHCP_snoop is enabled, it will create an ACL
profile and the rules according to the ports. If there are not enough profile or
rule space for ACL profile or rule table, it will return a warning message and
will not create ACL profile and rules to capture unicast DHCP packets.
loose -
This mode provides a looser way of control. If the user selects loose
mode, ARP packets and IP Broadcast packets will be sent to the CPU. The
packets will still be forwarded by the hardware until a specific source MAC
address is blocked by the software. The port will check ARP packets and IP
Broadcast packets by IP-MAC-PORT Binding entries . When the packet is
found by the entry, the MAC address will be set to dynamic. If the packet is
not found by the entry, the MAC address will be set to block. Other packets
will be bypassed.
allow_zeroip
– The configure state which allows zero IP packets to bypass.
forward_dhcppkt
- By default, the DHCP packet with broadcast DA will be
flooded. When set to disable, the broadcast DHCP packet received by the
specified port will not be forwarded. This setting is effective when DHCP
snooping is enabled, under this case the DHCP packet which has been
trapped by the CPU needs to be forwarded by the software. This setting
controls the forwarding behavior in this situation.
Restrictions
Only Administrator or Operator-level users can issue this command.
Example usage:
To configure port1 enable address_binding and allow_zeroip state and forward_dhcppkt state:
DES-3800:admin# config address_binding ip_mac ports 1 state
enable allow_zeroip enable forward_dhcppkt enable
Command: config address_binding ip_mac ports 1 state enable
allow_zeroip enable forward_dhcppkt enable
Success.
DES-3800:admin#