02-IP Source Guard Commands
Chapters Download (33.33 KB)
Syntax
display ip check source [ interface interface-type interface-number | ip-address ip-address | mac-address mac-address ]
View
Any view
Default Level
1: Monitor level
Parameters
interface interface-type interface-number: Displays the dynamic bindings of the interface specified by its type and number.
ip-address ip-address: Displays the dynamic bindings of an IP address.
mac-address mac-address: Displays the dynamic bindings of an MAC address (in the format of H-H-H).
Description
Use the display ip check source command to display dynamic bindings.
With no options specified, the command displays the dynamic bindings of all interfaces.
Related commands: ip check source.
Examples
# Display all dynamic bindings.
<Sysname> display ip check source
Total entries found: 3
MAC IP Vlan Port Status
040a-0000-4000 10.1.0.9 2 GigabitEthernet1/0/1 DHCP-SNP
N/A 10.1.0.8 2 GigabitEthernet1/0/1 DHCP-SNP
040a-0000-2000 10.1.0.7 2 GigabitEthernet1/0/1 DHCP-SNP
Table 1-1 display ip check source command output description
|
Field |
Description |
|
Total entries found |
Total number of found entries |
|
MAC |
MAC address of the dynamic binding. N/A means that no MAC address is bound in the entry. |
|
IP |
IP address of the dynamic binding. N/A means that no IP address is bound in the entry. |
|
Vlan |
VLAN to which the obtained binding entry belongs. N/A means that no VLAN is bound in the entry. |
|
Port |
Port to which the dynamic binding entry is applied |
|
Status |
Type of dynamically obtaining the binding entry |
Syntax
display user-bind [ interface interface-type interface-number | ip-address ip-address | mac-address mac-address ]
View
Any view
Default Level
1: Monitor level
Parameters
interface interface-type interface-number: Displays the static bindings of the interface specified by its type and number.
ip-address ip-address: Displays the static bindings of an IP address.
mac-address mac-address: Displays the static bindings of an MAC address (in the format of H-H-H).
Description
Use the display user-bind command to display static bindings.
With no options specified, the command displays static bindings of all interfaces.
Related commands: user-bind.
Examples
# Display all static bindings.
<Sysname> display user-bind
Total entries found: 4
MAC IP Vlan Port Status
N/A 1.1.1.1 N/A GigabitEthernet1/0/1 Static
0001-0001-0001 2.2.2.2 200 GigabitEthernet1/0/1 Static
0003-0003-0003 N/A N/A GigabitEthernet1/0/1 Static
0004-0004-0004 4.4.4.4 N/A GigabitEthernet1/0/1 Static
Table 1-2 display user-bind command output description
|
Field |
Description |
|
Total entries found |
Total number of found entries |
|
MAC |
MAC address of the binding. N/A means that no MAC address is bound in the entry. |
|
IP |
IP address of the binding. N/A means that no IP address is bound in the entry. |
|
Vlan |
VLAN of the binding. N/A means that no VLAN is bound in the entry. |
|
Port |
Port of the binding |
|
Status |
Type of the binding. Static means that the binding is manually configured. |
Syntax
ip check source { ip-address | ip-address mac-address | mac-address }
undo ip check source
View
Ethernet interface view, VLAN interface view
Default Level
2: System level
Parameters
ip-address: Specifies to bind source IP address to the port.
ip-address mac-address: Specifies to bind source IP address and MAC address to the port.
mac-address: Specifies to bind source MAC address to the port.
Description
Use the ip check source command to configure the dynamic binding function on a port.
Use the undo ip check source command to restore the default.
By default, the dynamic binding function is disabled.
Note that: You cannot configure the dynamic binding function on a port that is in an aggregation group.
Related commands: display ip check source.
Examples
# Configure dynamic binding function on port GigabitEthernet 1/0/1 to filter packets based on both source IP address and MAC address.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ip check source ip-address mac-address
Syntax
user-bind { ip-address ip-address | ip-address ip-address mac-address mac-address | mac-address mac-address } [ vlan vlan-id ]
undo user-bind { ip-address ip-address | ip-address ip-address mac-address mac-address | mac-address mac-address } [ vlan vlan-id ]
View
Layer-2 Ethernet interface view
Default Level
2: System level
Parameters
ip-address ip-address: Specifies the IP address for the static binding. The IP address can only be a Class A, Class B, or Class C address and can be neither 127.x.x.x nor 0.0.0.0.
mac-address mac-address: Specifies the MAC address for the static binding in the format of H-H-H. The MAC address cannot be all 0s, all Fs (a broadcast address), or a multicast address.
vlan vlan-id: Specifies the VLAN for the static binding. vlan-id is the ID of the VLAN to be bound, in the range 1 to 4094.
Description
Use the user-bind command to configure a static binding.
Use the undo user-bind command to delete a static binding.
By default, no static binding exists on a port.
Note that:
l The system does not support repeatedly configuring a binding entry to one port.
l A binding entry can be configured to multiple ports.
l You cannot configure a static binding on a port that is in an aggregation group.
Related commands: display user-bind.
Examples
# Configure a static binding on port GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] user-bind ip-address 192.168.0.1 mac-address 0001-0001-0001
