Table of Contents

Chapter 1 IP Source Guard Configuration Commands. 1-1

1.1 IP Source Guard Configuration Commands. 1-1

1.1.1 display user-bind. 1-1

1.1.2 user-bind. 1-2

1.1.3 display ip check source. 1-3

1.1.4 ip check source. 1-4

 

Chapter 1  IP Source Guard Configuration Commands

1.1  IP Source Guard Configuration Commands

1.1.1  display user-bind

Syntax

display user-bind [ interface interface-type interface-number | ip-address ip-address | mac-address mac-address ]

View

Any view

Parameters

interface interface-type interface-number: Displays the static bindings of the interface specified by it type and number.

ip-address ip-address: Displays the static bindings of an IP address.

mac-address mac-address: Displays the static bindings of an MAC address (in the format of H-H-H).

Description

Use the display user-bind command to display static bindings.

With no options specified, the command displays static bindings of all interfaces.

Related commands: user-bind.

Examples

# Display all static bindings.

<Sysname> display user-bind

The Following User address bind have been configured:

  Mac                   IP                  Port                    Status

  0001-0001-0001        1.1.1.1             Ethernet1/0              Static

  NULL                  2.2.2.2             Ethernet1/0              Static

  0003-0003-0003        3.3.3.3             Ethernet1/0              Static

  0004-0004-0004        4.4.4.4             Ethernet1/0              Static

  NULL                  5.5.5.5             Ethernet1/0              Static

 -------------5 bind entries queried, 5 listed------------

Table 1-1 Description on the fields of the display user-bind command

Field	Description
Mac	MAC address of the binding. NULL means no MAC address is configured.
IP	IP address of the binding
Port	Port of the binding
Status	Type of the binding. Static means that the binding is manually configured.
5 bind entries queried, 5 listed	Counts of static bindings

 

1.1.2  user-bind

Syntax

user-bind ip-address ip-address [ mac-address mac-address ]

undo user-bind ip-address ip-address [ mac-address mac-address ]

View

Ethernet interface view

Parameters

ip-address ip-address: Specifies the IP address for the static binding. The IP address can only be a Class A, Class B, or Class C address and can be neither 127.x.x.x nor 0.0.0.0.

mac-address mac-address: Specifies the MAC address for the static binding in the format of H-H-H. The MAC address cannot be all 0s, all Fs (a broadcast address), or a multicast address.

Description

Use the user-bind command to configure a static binding.

Use the undo user-bind command to delete a static binding.

By default, no static binding exists on a port.

Note that:

l           The system does not support repeatedly binding a binding entry to one port. A binding entry can be configured to multiple ports

l           In a valid binding entry, the MAC address cannot be all 0s, all Fs (a broadcast address), or a multicast address, and the IP address can only be a Class A, Class B, or Class C address and can be neither 127.x.x.x nor 0.0.0.0.

Related commands: display user-bind.

Examples

# Configure a static binding on port Ethernet 1/0/1.

<Sysname> system-view

[Sysname] interface ethernet 1/0/1

[Sysname-Ethernet1/0/1] user-bind ip-address 192.168.0.1 mac-address 0001-0001-0001

1.1.3  display ip check source

Syntax

display ip check source [ interface interface-type interface-number | ip-address ip-address | mac-address mac-address ]

View

Any view

Parameters

interface interface-type interface-number: Displays the dynamic bindings of the port specified by its type and number.

ip-address ip-address: Displays the dynamic bindings of an IP address.

mac-address mac-address: Displays the dynamic bindings of an MAC address (in the format of H-H-H).

Description

Use the display ip check source command to display dynamic bindings.

With no options specified, the command displays the dynamic bindings of all ports.

Related commands: ip check source.

Examples

# Display all dynamic bindings.

<Sysname> display ip check source

The Following User address bind have been configured:

  Mac                   IP                 Port                    Status

  040a-0000-4000        10.1.0.9           Ethernet1/0/1           Dynamic

  040a-0000-3000        10.1.0.8           Ethernet1/0/1           Dynamic

  040a-0000-2000        10.1.0.7           Ethernet1/0/1           Dynamic

  040a-0000-1000        10.1.0.6           Ethernet1/0/1           Dynamic

  040a-0000-0000        10.1.0.5           Ethernet1/0/1           Dynamic

 -------------5 bind entries queried, 5 listed------------

Table 1-2 Description on the fields of the display ip check source command

Field	Description
Mac	MAC address of the dynamic binding
IP	IP address of the dynamic binding
Port	Port of the dynamic binding
Status	Type of the binding. Dynamic means that the binding is dynamically obtained from DHCP snooping.
5 bind entries queried, 5 listed	Counts of dynamic bindings

 

1.1.4  ip check source

Syntax

ip check source ip-address [ mac-address ]

undo ip check source ip-address [ mac-address ]

View

Ethernet port view

Parameters

ip-address: Checks the source IP addresses of packets.

mac-address: Checks the source MAC addresses of packets.

Description

Use the ip check source command to configure port filtering on a port, that is, to configure the port to filter packets based on source IP address or based on both source IP address and MAC address.

Use the undo ip check source command to restore the default.

By default, port filtering is disabled.

Note that you cannot configure port filtering on a port that is in an aggregation group.

Related commands: display ip check source.

Examples

# Configure port Ethernet 1/0/1 to filter packets based on both source IP address and MAC address.

<Sysname> system-view

[Sysname] interface ethernet 1/0/1

[Sysname-Ethernet1/0/1] ip check source ip-address mac-address