IP source guard configuration examples
Static IPv4 source guard binding entry configuration example
Network requirements
As shown in Figure 77, Host A and Host B are connected to ports GigabitEthernet 1/0/2 and
GigabitEthernet 1/0/1 of Device B respectively, Host C is connected to port GigabitEthernet 1/0/2 of
Device A, and Device B is connected to port GigabitEthernet 1/0/1 of Device A.
Configure static IPv4 source guard binding entries on Device A and Device B to meet the following
requirements:
• On port GigabitEthernet 1/0/2 of Device A, only IP packets from Host C can pass.
• On port GigabitEthernet 1/0/1 of Device A, only IP packets from Host A can pass.
• On port GigabitEthernet 1/0/2 of Device B, only IP packets from Host A can pass.
• On port GigabitEthernet 1/0/1 of Device B, only IP packets from Host B can pass.
Figure 77 Network diagram for configuring static IPv4 source guard binding entries
[Network diagram. Host A: IP 192.168.0.1/24, MAC 0001-0203-0406. Host B: IP 192.168.0.2/24, MAC 0001-0203-0407. Host C: IP 192.168.0.3/24, MAC 0001-0203-0405. Ports GE1/0/1 and GE1/0/2 on Device A and on Device B.]
Configuration procedure
1. Configure Device A
# Configure the IP addresses of the interfaces (omitted).
# Configure port GigabitEthernet 1/0/2 of Device A to allow only IP packets with the source MAC
address of 0001-0203-0405 and the source IP address of 192.168.0.3 to pass.
<DeviceA> system-view
[DeviceA] interface gigabitethernet 1/0/2
[DeviceA-GigabitEthernet1/0/2] user-bind ip-address 192.168.0.3 mac-address 0001-0203-0405
[DeviceA-GigabitEthernet1/0/2] quit
# Configure port GigabitEthernet 1/0/1 of Device A to allow only IP packets with the source MAC
address of 0001-0203-0406 and the source IP address of 192.168.0.1 to pass.
[DeviceA] interface gigabitethernet 1/0/1
[DeviceA-GigabitEthernet1/0/1] user-bind ip-address 192.168.0.1 mac-address 0001-0203-0406
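The following Python model is an added example, not part of the original guide: it parses the Device A commands above into a per-port binding table and checks whether a packet's source IP and MAC pair would pass. The function names, the constructed transcript, and the rule that a port with no binding entry is left unfiltered are assumptions of this model.

```python
import ipaddress
import re

# Constructed transcript: the Device A commands from the procedure above.
DEVICE_A_CONFIG = """\
interface gigabitethernet 1/0/2
 user-bind ip-address 192.168.0.3 mac-address 0001-0203-0405
 quit
interface gigabitethernet 1/0/1
 user-bind ip-address 192.168.0.1 mac-address 0001-0203-0406
"""

IFACE_RE = re.compile(r"^interface\s+gigabitethernet\s*(\S+)$", re.I)
BIND_RE = re.compile(r"^user-bind\s+ip-address\s+(\S+)\s+mac-address\s+(\S+)$", re.I)


def norm_mac(mac):
    """Reduce any MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return digits


def parse_bindings(config):
    """Return {port: {(ip, mac), ...}} from interface/user-bind lines."""
    table, port = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := IFACE_RE.match(line):
            port = m.group(1)
        elif line == "quit":
            port = None
        elif m := BIND_RE.match(line):
            if port is None:
                raise ValueError(f"user-bind outside interface view: {line!r}")
            ip = str(ipaddress.IPv4Address(m.group(1)))
            table.setdefault(port, set()).add((ip, norm_mac(m.group(2))))
    return table


def permits(table, port, src_ip, src_mac):
    """True if a packet with this source IP/MAC passes the port's filter."""
    entries = table.get(port)
    if entries is None:  # assumption of this model: no binding, no filtering
        return True
    return (str(ipaddress.IPv4Address(src_ip)), norm_mac(src_mac)) in entries
```

Both fields must match the same entry, so Host C's MAC paired with Host A's IP address is dropped on GigabitEthernet 1/0/2, and Host B's traffic is dropped on the uplink GigabitEthernet 1/0/1.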
2. Configure Device B
# Configure the IP addresses of the interfaces (omitted).