- Table of Contents
-
- H3C Campus Fixed-Port Switches CLI-Based Quick Start Configuration Guide-6W101
- 01-H3C Devices CLI Reference
- 02-Login Management Quick Start Configuration Guide
- 03-Configuration File Management Quick Start Configruation Guide
- 04-Software Upgrade Quick Start Configuration Guide
- 05-Device Management Quick Start Configuration Guide
- 06-NTP Quick Start Configuration Guide
- 07-RBAC Quick Start Configuration Guide
- 08-IRF Quick Start Configuration Guide
- 09-Ethernet Interface Quick Start Configuration Guide
- 10-VLAN Quick Start Configuration Guide
- 11-Port Isolation Quick Start Configuration Guide
- 12-Loop Detection Quick Start Configuration Guide
- 13-QinQ Quick Start Configuration Guide
- 14-MAC Address Table Quick Start Configuration Guide
- 15-Ethernet Link Aggregation Quick Start Configuration Guide
- 16-Spanning Tree Quick Start Configuration Guide
- 17-DHCP Quick Start Configuration Guide
- 18-OSPF Quick Start Configuration Guide
- 19-Static Routing Quick Start Configuration Guide
- 20-Basic RIP Quick Start Configuration Guide
- 21-PBR Quick Start Configuration Guide
- 22-IGMP Snooping Quick Start Configuration Guide
- 23-Packet Filtering Quick Start Configuration Guide
- 24-QoS Quick Start Configuration Guide
- 25-IP Source Guard Quick Start Configuration Guide
- 26-SSH Quick Start Configuration Guide
- 27-Port Security Quick Start Configuration Guide
- 28-VRRP Quick Start Configuration Guide
- 29-PoE Quick Start Configuration Guide
- 30-Mirroring Quick Start Configuration Guide
- 31-Information Center Quick Start Configuration Guide
- 32-SNMP Quick Start Configuration Guide
- 33-LAN Networks Quick Start Configuration Guide
- Related Documents
-
Title | Size | Download |
---|---|---|
25-IP Source Guard Quick Start Configuration Guide | 57.48 KB |
IP Source Guard Quick Start Configuration Guide
Copyright © 2022 New H3C Technologies Co., Ltd. All rights reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.
Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.
The information in this document is subject to change without notice.
Configuring static IPSG bindings
Introduction
The following information uses an example to describe the basic procedure for configuring IP source guard (IPSG) static bindings.
Restrictions and guidelines
You cannot configure the IPSG feature on a service loopback interface or an aggregate interface.
Network configuration
As shown in Figure 1, all hosts use static IP addresses.
Configure static IPv4SG bindings on Switch A and Switch B to meet the following requirements:
· GigabitEthernet 1/0/2 on Switch A allows IP packets from Host C to pass.
· GigabitEthernet 1/0/1 on Switch A allows IP packets from Host A to pass.
· GigabitEthernet 1/0/2 on Switch B allows IP packets from Host A to pass.
· GigabitEthernet 1/0/1 on Switch B allows IP packets from the host whose IP address is 192.168.0.2/24 to pass. Thus, Host B can use that IP address to reach Host A even if the MAC address of Host B changes.
Procedure
Configuring Switch A
# Enable IPv4SG on GigabitEthernet 1/0/2.
<SwitchA> system-view
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] ip verify source ip-address mac-address
# On GigabitEthernet 1/0/2, configure a static IPv4SG binding for Host C. (Bind the IP address and MAC address of Host C.)
[SwitchA-GigabitEthernet1/0/2] ip source binding ip-address 192.168.0.3 mac-address 0001-0203-0405
[SwitchA-GigabitEthernet1/0/2] quit
# Enable IPv4SG on GigabitEthernet 1/0/1.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] ip verify source ip-address mac-address
# On GigabitEthernet 1/0/1, configure a static IPv4SG binding for Host A. (Bind the IP address and MAC address of Host A.)
[SwitchA-GigabitEthernet1/0/1] ip source binding ip-address 192.168.0.1 mac-address 0001-0203-0406
[SwitchA-GigabitEthernet1/0/1] quit
# Save the configuration.
[SwitchA] save
Configuring Switch B
# Enable IPv4SG on GigabitEthernet 1/0/2.
<SwitchB> system-view
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] ip verify source ip-address mac-address
# On GigabitEthernet 1/0/2, configure a static IPv4SG binding for Host A. (Bind the IP address and MAC address of Host A.)
[SwitchB-GigabitEthernet1/0/2] ip source binding ip-address 192.168.0.1 mac-address 0001-0203-0406
[SwitchB-GigabitEthernet1/0/2] quit
# Enable IPv4SG on GigabitEthernet 1/0/1.
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] ip verify source ip-address
# On GigabitEthernet 1/0/1, configure a static IPv4SG binding for Host B. (Bind the IP address of Host B.)
[SwitchB-GigabitEthernet1/0/1] ip source binding ip-address 192.168.0.2
[SwitchB-GigabitEthernet1/0/1] quit
# Save the configuration.
[SwitchB] save
Verifying the configuration
# Verify that the static IPv4SG bindings are configured successfully on Switch A.
[SwitchA] display ip source binding static
Total entries found: 2
IP Address MAC Address Interface VLAN Type
192.168.0.1 0001-0203-0406 GE1/0/1 N/A Static
192.168.0.3 0001-0203-0405 GE1/0/2 N/A Static
# Verify that the static IPv4SG bindings are configured successfully on Switch B.
[SwitchB] display ip source binding static
Total entries found: 2
IP Address MAC Address Interface VLAN Type
192.168.0.1 0001-0203-0406 GE1/0/2 N/A Static
192.168.0.2 N/A GE1/0/1 N/A Static
Configuration files
· Switch A:
#
interface GigabitEthernet1/0/1
port link-mode bridge
ip verify source ip-address mac-address
ip source binding ip-address 192.168.0.1 mac-address 0001-0203-0406
#
interface GigabitEthernet1/0/2
port link-mode bridge
ip verify source ip-address mac-address
ip source binding ip-address 192.168.0.3 mac-address 0001-0203-0405
#
· Switch B:
#
interface GigabitEthernet1/0/1
port link-mode bridge
ip verify source ip-address
ip source binding ip-address 192.168.0.2
#
interface GigabitEthernet1/0/2
port link-mode bridge
ip verify source ip-address mac-address
ip source binding ip-address 192.168.0.1 mac-address 0001-0203-0406
#
Related documentation
· IP source guard configuration in the security configuration guide for the device.
· IP source guard commands in the security command reference for the device.