EasyManua.ls Logo

3Com Switch 4800G 24-Port - Page 180

3Com Switch 4800G 24-Port
1246 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
180 CHAPTER 21: IP SOURCE GUARD CONFIGURATION
2 Configure Switch B
# Configure the IP addresses of various interfaces (omitted).
# Configure port GigabitEthernet1/0/1 of Switch B to allow only IP packets with
the source MAC address of 00-01-02-03-04-06 and the source IP address of
192.168.0.1 to pass.
<SwitchB> system-view
[SwitchB] interface GigabitEthernet1/0/1
[SwitchB-GigabitEthernet1/0/1] user-bind ip-address 192.168.0.1 mac-address 0001-0203-0406
[SwitchB-GigabitEthernet1/0/1] quit
# Configure port GigabitEthernet1/0/2 of Switch B to allow only IP packets with
the source MAC address of 00-01-02-03-04-07 and the source IP address of
192.168.0.2 to pass.
[SwitchB] interface GigabitEthernet1/0/2
[SwitchB-GigabitEthernet1/0/2] user-bind ip-address 192.168.0.2 mac-address 0001-0203-0407
3 Verify the configuration
# On Switch A, static binding entries are configured successfully.
<SwitchA> display user-bind
The following user address bindings have been configured:
MAC IP Vlan Port Status
0001-0203-0405 192.168.0.3 N/A GigabitEthernet1/0/2 Static
0001-0203-0406 192.168.0.1 N/A GigabitEthernet1/0/1 Static
------------------2 binding entries queried, 2 listed------------------
# On Switch B, static binding entries are configured successfully.
<SwitchB> display user-bind
The following user address bindings have been configured:
MAC IP Vlan Port Status
0001-0203-0406 192.168.0.1 N/A GigabitEthernet1/0/1 Static
0001-0203-0407 192.168.0.2 N/A GigabitEthernet1/0/2 Static
------------------2 binding entries queried, 2 listed------------------
Dynamic Binding
Function Configuration
Example
Network requirements
Switch A connects to Client A and the DHCP Server through GigabitEthernet1/0/1
and GigabitEthernet1/0/2 respectively. DHCP Snooping is enabled on Switch A.
Detailed requirements are as follows:
Client A with the MAC address of 00-01-02-03-04-06 obtains an IP address
through the DHCP Server.
On Switch A, create the DHCP Snooping entry of Client A.
On port GigabitEthernet1/0/1 of Switch A, enable dynamic binding function to
prevent attacks from using forged IP addresses to attack the server.
n
For detailed configuration of DHCP Server, refer to “DHCP Server Configuration
on page 797.

Table of Contents

Related product manuals