409
Displaying and maintaining IP source guard
Task Command Remarks
Display static IP source guard
binding entries.
display ip source binding static
[
interface
interface-type
interface-number |
ip-address
ip-address
| mac-address
mac-address
] [
|
{
begin
|
exclude
|
include
} regular-expression ]
Available in any view.
Display IP source guard binding
entries.
display ip source binding
[
interface
interface-type interface-number |
ip-address
ip-address |
mac-address
mac-address ] [
|
{
begin
|
exclude
|
include
} regular-expression ]
Available in any view.
Static IPv4 source guard binding entry
configuration example
Network requirements
As shown in Figure 139, Host A and Host B are connected to ports Ethernet 1/2 and Ethernet 1/1 of
Device B respectively, Host C is connected to port Ethernet 1/2 of Device A, and Device B is
connected to port Ethernet 1/1 of Device A. All hosts use static IP addresses.
Configure static IPv4 source guard binding entries on Device A and Device B to meet the following
requirements:
• On port Ethernet 1/2 of Device A, only IP packets from Host C can pass.
• On port Ethernet 1/1 of Device A, only IP packets from Host A can pass.
• On port Ethernet 1/2 of Device B, only IP packets from Host A can pass.
• On port Ethernet 1/1 of Device B, only IP packets sourced from 192.168.0.2/24 can pass. Host
B can communicate with Host A by using this IP address even if it uses another network
adapter.
Figure 139 Network diagram
Configuration procedure
1. Configure Device A:
# Enable IPv4 source guard on Ethernet 1/2 to filter packets based on both the source IP
address and MAC address.
<DeviceA> system-view
To Next Page
Loading...
Need help?
General
