Operation Manual – MAC-IP-Port Binding
H3C S3610&S5510 Series Ethernet Switches
Chapter 1 MAC-IP-Port Binding Configuration
1-1
Chapter 1 MAC-IP-Port Binding Configuration
1.1 MAC-IP-Port Binding Overview
MAC-IP-port binding allows a device to filter packets and thus enhance security. With
MAC-IP-port binding configured, a port checks whether the source MAC and IP
addresses of an inbound packet is identical to the configured MAC-to-IP binding on the
port. If so, it forwards the packet; otherwise, it discards the packet.
1.2 Configuring MAC-IP-Port Binding
Follow these steps to configure MAC-IP-port binding:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Bind a MAC-IP
address pair to
multiple ports
user-bind mac-addr mac-address
ip-addr ip-address
interface
interface-list
interface
interface-type
interface-number
Configu
re
MAC-IP
-port
binding
Bind a MAC-IP
address pair to
the current
port
user-bind mac-addr mac-address
ip-addr ip-address
Required
Use either
approach.
Caution:
z
The port in an aggregation group does not support MAC-IP-Port binding
configuration.
z
S3610&S5510 Series Ethernet Switches differentiate binding through “MAC
a IP a port”. You can bind a MAC address with only one IP address
and vice versa. However, you can bind a MAC-IP pair to multiple ports.
z
MAC-IP-port binding is on a per-port basis, that is, a port with MAC-IP-port binding
enabled filters packets independently; it does not affect any other port.
z
The MAC address to be bound cannot be all 0s, all Fs, or a multicast address. The
IP address can only be a Class A, Class B, or Class C address and can neither be
127.x.x.x nor 0.0.0.0.
