DGS-3700 Series Layer 2 Managed Gigabit Ethernet Switch CLI Reference Guide
COMMAND                               PARAMETERS
config address_binding ip_mac ports   [<portlist> | all ] { state [enable {[strict | loose] | [ipv6 | all ]} | disable {[ ipv6 | all ]}] | allow_zeroip [enable | disable] | forward_dhcppkt [enable | disable] | mode [arp | acl ] | stop_learning_threshold <int 0-500>}
debug address_binding                 [event | dhcp | all]
no debug address_binding
Each command is listed, in detail, in the following sections.
config address_binding ip_mac ports
Purpose
The config address_binding ip_mac ports command is used to configure the per-port state
of IP-MAC binding on the switch.
Syntax
config address_binding ip_mac ports [<portlist> | all ] { state [ enable {[ strict |
loose] | [ ipv6 | all ]} | disable {[ ipv6 | all ]}] | allow_zeroip [enable | disable] |
forward_dhcppkt [enable | disable]}
Description
This command is used to configure the per-port state of IP-MAC binding on the switch. If
a port has been configured as a group member of an aggregated link, then its IP-MAC
binding function cannot be enabled.
When the binding check state is enabled, the switch checks whether the IP address and
MAC address of each IP packet and ARP packet received by this port match the binding
entries. The packet will be dropped if they do not match.
For this function, the switch can operate in ACL mode or ARP mode. In ARP mode,
only ARP packets are checked for binding. In ACL mode, both ARP packets and IP
packets are checked for binding. Therefore, ACL mode provides stricter checks
for packets.
The configuration of an entry in ACL mode will consume resources in the
switch controller. An ACL mode entry may not be effective. The status of the entry
will display this information. When an entry is not effective, the check for IP
packets will not be performed. The check for ARP packets will still be performed.
For the check of ARP packets, both ARP request and reply packets will be
checked. A packet will be dropped if its source IP address is not defined in the
source-validity binding entry, if its source MAC address is not defined in the
source-validity binding entry, or if its source IP address and source MAC address do
not match the pair defined in the source-validity binding entry. The ARL entry
corresponding to the source MAC address in the invalid packet will be set to a
blocked state.
When an ARL entry is set to a blocked state, if the correct source IP address occurs with
the blocked MAC address, the ARL entry for this MAC address will be recovered.
If acl_mode is changed, the switch will automatically add or delete ACL access entries
when the configured state is enable or disable (to deny all IP packets on this port).
If the ACL pool is full and the switch cannot create any new ACL access entry, the
switch will show a warning message. In that case, the port will enter normal
address_binding mode.
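The checks described above, modelled in Python as an added example (not D-Link code or switch output). The per-port acl_effective flag, the sample addresses, and the rule that a blocked ARL entry also drops unchecked frames from that MAC are assumptions made for the model.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    state: bool = True          # "state enable" / "state disable"
    mode: str = "arp"           # "mode arp" or "mode acl"
    acl_effective: bool = True  # simplification: one flag per port; the page tracks this per entry
    blocked: set = field(default_factory=set)  # source MACs whose ARL entry is blocked

def receive(port, bindings, kind, src_ip, src_mac):
    """Return 'forward' or 'drop' for one received packet; kind is 'arp' or 'ip'."""
    if not port.state:
        return "forward"
    # ARP is always checked; IP only in ACL mode, and only while the ACL entry is effective.
    checked = kind == "arp" or (port.mode == "acl" and port.acl_effective)
    if checked:
        # One comparison covers unknown source IP, unknown source MAC and mismatched pair.
        if bindings.get(src_ip) == src_mac:
            port.blocked.discard(src_mac)  # correct IP seen with this MAC: ARL entry recovers
            return "forward"
        if kind == "arp":
            port.blocked.add(src_mac)      # invalid ARP: ARL entry for the source MAC is blocked
        return "drop"
    # Assumption: a blocked ARL entry drops unchecked frames from that MAC as well.
    return "drop" if src_mac in port.blocked else "forward"

# Constructed sample data: one binding entry and one address pair outside it.
BINDINGS = {"10.0.0.5": "00:11:22:33:44:55"}
HOST_MAC, ROGUE_MAC, ROGUE_IP = "00:11:22:33:44:55", "de:ad:be:ef:00:01", "10.0.0.9"

def spoofed_ip_verdicts():
    """Same spoofed IP packet against the three situations the Description covers."""
    ports = {"arp": Port(mode="arp"),
             "acl": Port(mode="acl"),
             "acl_not_effective": Port(mode="acl", acl_effective=False)}
    return {name: receive(p, BINDINGS, "ip", ROGUE_IP, ROGUE_MAC) for name, p in ports.items()}

def block_and_recover():
    """Bound host sends an ARP with the wrong source IP, then a correct one."""
    port = Port(mode="arp")
    return [receive(port, BINDINGS, "arp", ROGUE_IP, HOST_MAC),    # drop, MAC blocked
            receive(port, BINDINGS, "ip", "10.0.0.5", HOST_MAC),   # drop while blocked
            receive(port, BINDINGS, "arp", "10.0.0.5", HOST_MAC),  # forward, recovered
            receive(port, BINDINGS, "ip", "10.0.0.5", HOST_MAC)]   # forward

if __name__ == "__main__":
    print(spoofed_ip_verdicts())
    print(block_and_recover())
```

The first result shows why the entry status matters when auditing a port: with an ACL entry that is not effective, the port filters spoofed IP traffic no better than ARP mode does.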
Parameters
state - Configures the address binding port state to enable or disable. When the state is
enabled, the port will perform the binding check.
ipv6 - For “state enable ipv6”, only the IPv6 filter table is applied to the driver. For “state
enable” without specifying “ipv6”, only the IPv4 filtering table is applied to the
driver. For “state enable all”, both IPv4 and IPv6 filtering tables are applied to the
driver. For example, if IPv6 is enabled, but IPv4 is disabled, only the IPv6
Snooping entry is used to create a HW filtering table, if the FDB is used as the HW