1.1 Port Binding Overview
A network administrator
can use the port binding feature to bind the MAC address and IP address of a
legal user to a specific port. With port binding, only the packets with the
specified MAC addresses and IP addresses can be transferred through the port.
This gives users enhanced control over network security.
1.2 Port Binding Configuration
Table 1-1
Configure port binding
|
Operation
|
Command
|
Description
|
|
Enter system view
|
system-view
|
—
|
|
Bind the legal MAC
addresses and IP addresses to the specified port
|
am user-bind { mac-addr mac-address |
ip-addr ip-address }* interface-list
|
Optional
|
|
Enter port view
|
interface interface-type interface-number
|
—
|
|
Bind the legal MAC
addresses and IP addresses to current port
|
am user-bind { mac-addr mac-address |
ip-addr ip-address }*
|
Optional
|
You
can bind up to 100 MAC addresses and IP addresses to one port.
After the
above-mentioned configuration, you can use the display command in any view
to display the port binding configured.
Table 1-2 Display
port binding configuration
|
Operation
|
Command
|
Description
|
|
Display the
information about port binding
|
display am
user-bind [ interface interface-type
interface-number | mac-addr | ip-addr ]
|
You can use the display
command in any view.
|
I. Network
requirements
In order o prevent
illegal use of the IP address of PC1, you may bind the MAC address and IP
address of PC1 to the port Ethernet1/0/1 on Switch A.
II. Network
diagram
Figure 1-1 Network
diagram for port binding configuration
III. Configuration
procedure
# Enter system view.
<H3C>
system-view
# Enter Ethernet1/0/1
port view.
[H3C] interface
Ethernet1/0/1
# Bind the MAC address and
the IP address of PC1 to Ethernet1/0/1.
[H3C-Ethernet1/0/1]
am user-bind mac-addr 0001-0002-0003 ip-addr 10.12.1.1
