Table of Contents

1 IP Source Guard Configuration Commands· 1-1

IP Source Guard Configuration Commands· 1-1

display ip check source· 1-1

display user-bind· 1-2

ip check source· 1-3

user-bind· 1-3

 

 

 

IP Source Guard Configuration Commands

display ip check source

Syntax

display ip check source [ interface interface-type interface-number | ip-address ip-address | mac-address mac-address ]

View

Any view

Parameters

interface interface-type interface-number: Displays the dynamic bindings of the port specified by its type and number.

ip-address ip-address: Displays the dynamic bindings of an IP address.

mac-address mac-address: Displays the dynamic bindings of an MAC address (in the format of H-H-H).

Description

Use the display ip check source command to display dynamic bindings.

With no options specified, the command displays the dynamic bindings of all ports.

Related commands: ip check source.

Examples

# Display all dynamic bindings.

<Sysname> display ip check source

The following user address bindings have been configured:

 MAC               IP               Vlan   Port                         Status

 0001-0203-0406     192.168.0.1         2      GigabitEthernet0/0/1              DHCP-SNP

 0001-0203-0407     192.168.0.2         2      GigabitEthernet0/0/2              DHCP-SNP

 -----------------2 binding entries queried, 2 listed------------------

Table 1-1 Description on the fields of the display ip check source command

Field	Description
MAC	MAC address of the dynamic binding. N/A means that no MAC address is bound in the entry.
IP	IP address of the dynamic binding. N/A means that no IP address is bound in the entry.
Vlan	VLAN to which the obtained binding entry belongs. N/A means that no VLAN is bound in the entry.
Port	Port to which the dynamic binding entry is applied
Status	Type of dynamically obtaining the binding entry. DHCP-SNP means that the binding is dynamically obtained from DHCP snooping.
2 binding entries queried, 2 listed	Counts of dynamic binding entries

 

display user-bind

Syntax

display user-bind [ interface interface-type interface-number | ip-address ip-address | mac-address mac-address ]

View

Any view

Parameters

interface interface-type interface-number: Displays the static bindings of the interface specified by it type and number.

ip-address ip-address: Displays the static bindings of an IP address.

mac-address mac-address: Displays the static bindings of an MAC address (in the format of H-H-H).

Description

Use the display user-bind command to display static bindings.

With no options specified, the command displays static bindings of all interfaces.

Related commands: user-bind.

Examples

# Display all static bindings.

<Sysname> display user-bind

The following user address bindings have been configured:

 MAC               IP               Vlan   Port                         Status

 0001-0203-0405      192.168.0.3           N/A    GigabitEthernet0/0/2                 Static

 0001-0203-0406      192.168.0.1           N/A    GigabitEthernet0/0/1                 Static

------------------2 binding entries queried, 2 listed------------------

Table 1-2 Description on the fields of the display user-bind command

Field	Description
MAC	MAC address of the binding. N/A means that no MAC address is bound in the entry.
IP	IP address of the binding. N/A means that no IP address is bound in the entry.
Vlan	Static binding entry does not support VLAN-port binding.
Port	Port of the binding
Status	Type of the binding. Static means that the binding is manually configured.
2 binding entries queried, 2 listed	Counts of static binding entries

 

ip check source

Syntax

ip check source { ip-address | ip-address mac-address | mac-address }

undo ip check source

View

Ethernet port view

Parameters

ip-address: Specifies to bind source IP addresses to the port.

mac-address: Specifies to bind source MAC addresses to the port.

Description

Use the ip check source command to configure the dynamic binding function on a port.

Use the undo ip check source command to restore the default.

By default, the dynamic binding function is disabled.

Note that you cannot configure the dynamic binding function on a port that is in an aggregation group.

Related commands: display ip check source.

Examples

# Configure dynamic binding function on port GigabitEthernet 0/0/1 to filter packets based on both source IP address and MAC address.

<Sysname> system-view

[Sysname] interface GigabitEthernet 0/0/1

[Sysname- GigabitEthernet0/0/1] ip check source ip-address mac-address

user-bind

Syntax

user-bind { ip-address ip-address | ip-address ip-address mac-address mac-address | mac-address mac-address }

undo user-bind { ip-address ip-address | ip-address ip-address mac-address mac-address | mac-address mac-address }

View

Ethernet interface view

Parameters

ip-address ip-address: Specifies the IP address for the static binding. The IP address can only be a Class A, Class B, or Class C address and can be neither 127.x.x.x nor 0.0.0.0.

mac-address mac-address: Specifies the MAC address for the static binding in the format of H-H-H. The MAC address cannot be all 0s, all Fs (a broadcast address), or a multicast address.

Description

Use the user-bind command to configure a static binding. Use the undo user-bind command to delete a static binding.

By default, no static binding exists on a port.

Note that: The system does not support repeatedly configuring a binding entry to one port. A binding entry can be configured to multiple ports.

Related commands: display user-bind.

Examples

# Configure a static binding on port GigabitEthernet 0/0/1.

<Sysname> system-view

[Sysname] interface GigabitEthernet 0/0/1

[Sysname- GigabitEthernet0/0/1] user-bind ip-address 192.168.0.1 mac-address 0001-0001-0001