IP Source Guard Configuration Examples 179
■ On port GigabitEthernet1/0/2 of Switch A, only IP packets with the source
MAC address of 00-01-02-03-04-05 and the source IP address of 192.168.0.3
can pass.
■ On port GigabitEthernet1/0/1 of Switch A, only IP packets with the source
MAC address of 00-01-02-03-04-06 and the source IP address of 192.168.0.1
can pass.
■ On port GigabitEthernet1/0/1 of Switch B, only IP packets with the source MAC
address of 00-01-02-03-04-06 and the source IP address of 192.168.0.1 can
pass.
■ On port GigabitEthernet1/0/2 of Switch B, only IP packets with the source MAC
address of 00-01-02-03-04-07 and the source IP address of 192.168.0.2 can
pass.
Network diagram
Figure 47 Network diagram for configuring static binding entries
Configuration procedure
1 Configure Switch A
# Configure the IP addresses of various interfaces (omitted).
# Configure port GigabitEthernet1/0/2 of Switch A to allow only IP packets with
the source MAC address of 00-01-02-03-04-05 and the source IP address of
192.168.0.3 to pass.
<SwitchA> system-view
[SwitchA] interface GigabitEthernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] user-bind ip-address 192.168.0.3 mac-address 0001-0203-0405
[SwitchA-GigabitEthernet1/0/2] quit
# Configure port GigabitEthernet1/0/1 of Switch A to allow only IP packets with
the source MAC address of 00-01-02-03-04-06 and the source IP address of
192.168.0.1 to pass.
[SwitchA] interface GigabitEthernet1/0/1
[SwitchA-GigabitEthernet1/0/1] user-bind ip-address 192.168.0.1 mac-address 0001-0203-0406
192.168.0.1/24
MAC address: 00-01-02 -03-04-06
Host A
192.168 .0.2/24
MAC address: 00-01 -02-03-04-07
Host B
192.168.0.3/24
MAC address: 00-01-02 -03-04-05
Host C
GE1/0/1
Switch A
GE1/0/2
GE 1/0 /1 GE 1/0 /2
Switch B
To Next Page
Loading...
