H3C Campus Fixed-Port Switches CLI-Based Quick Start Configuration Guide-6W101

HomeSupportQuick StartH3C Campus Fixed-Port Switches CLI-Based Quick Start Configuration Guide-6W101
Table of Contents
Related Documents
25-IP Source Guard Quick Start Configuration Guide

IP Source Guard Quick Start Configuration Guide

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Copyright © 2022 New H3C Technologies Co., Ltd. All rights reserved.

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.

Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.

The information in this document is subject to change without notice.



Configuring static IPSG bindings

Introduction

The following information uses an example to describe the basic procedure for configuring IP source guard (IPSG) static bindings.

Restrictions and guidelines

You cannot configure the IPSG feature on a service loopback interface or an aggregate interface.

Network configuration

As shown in Figure 1, all hosts use static IP addresses.

Configure static IPv4SG bindings on Switch A and Switch B to meet the following requirements:

·     GigabitEthernet 1/0/2 on Switch A allows IP packets from Host C to pass.

·     GigabitEthernet 1/0/1 on Switch A allows IP packets from Host A to pass.

·     GigabitEthernet 1/0/2 on Switch B allows IP packets from Host A to pass.

·     GigabitEthernet 1/0/1 on Switch B allows IP packets from the host whose IP address is 192.168.0.2/24 to pass. Thus, Host B can use that IP address to reach Host A even if the MAC address of Host B changes.

Figure 1 Network diagram

 

Procedure

Configuring Switch A

# Enable IPv4SG on GigabitEthernet 1/0/2.

<SwitchA> system-view

[SwitchA] interface gigabitethernet 1/0/2

[SwitchA-GigabitEthernet1/0/2] ip verify source ip-address mac-address

# On GigabitEthernet 1/0/2, configure a static IPv4SG binding for Host C. (Bind the IP address and MAC address of Host C.)

[SwitchA-GigabitEthernet1/0/2] ip source binding ip-address 192.168.0.3 mac-address 0001-0203-0405

[SwitchA-GigabitEthernet1/0/2] quit

# Enable IPv4SG on GigabitEthernet 1/0/1.

[SwitchA] interface gigabitethernet 1/0/1

[SwitchA-GigabitEthernet1/0/1] ip verify source ip-address mac-address

# On GigabitEthernet 1/0/1, configure a static IPv4SG binding for Host A. (Bind the IP address and MAC address of Host A.)

[SwitchA-GigabitEthernet1/0/1] ip source binding ip-address 192.168.0.1 mac-address 0001-0203-0406

[SwitchA-GigabitEthernet1/0/1] quit

# Save the configuration.

[SwitchA] save

Configuring Switch B

# Enable IPv4SG on GigabitEthernet 1/0/2.

<SwitchB> system-view

[SwitchB] interface gigabitethernet 1/0/2

[SwitchB-GigabitEthernet1/0/2] ip verify source ip-address mac-address

# On GigabitEthernet 1/0/2, configure a static IPv4SG binding for Host A. (Bind the IP address and MAC address of Host A.)

[SwitchB-GigabitEthernet1/0/2] ip source binding ip-address 192.168.0.1 mac-address 0001-0203-0406

[SwitchB-GigabitEthernet1/0/2] quit

# Enable IPv4SG on GigabitEthernet 1/0/1.

[SwitchB] interface gigabitethernet 1/0/1

[SwitchB-GigabitEthernet1/0/1] ip verify source ip-address

# On GigabitEthernet 1/0/1, configure a static IPv4SG binding for Host B. (Bind the IP address of Host B.)

[SwitchB-GigabitEthernet1/0/1] ip source binding ip-address 192.168.0.2

[SwitchB-GigabitEthernet1/0/1] quit

# Save the configuration.

[SwitchB] save

Verifying the configuration

# Verify that the static IPv4SG bindings are configured successfully on Switch A.

[SwitchA] display ip source binding static

Total entries found: 2

IP Address      MAC Address    Interface                VLAN Type

192.168.0.1     0001-0203-0406 GE1/0/1                  N/A  Static

192.168.0.3     0001-0203-0405 GE1/0/2                  N/A  Static

# Verify that the static IPv4SG bindings are configured successfully on Switch B.

[SwitchB] display ip source binding static

Total entries found: 2

IP Address      MAC Address    Interface                VLAN Type

192.168.0.1     0001-0203-0406 GE1/0/2                  N/A  Static

192.168.0.2     N/A            GE1/0/1                  N/A  Static

Configuration files

·     Switch A:

#

interface GigabitEthernet1/0/1

 port link-mode bridge

 ip verify source ip-address mac-address

 ip source binding ip-address 192.168.0.1 mac-address 0001-0203-0406

#

interface GigabitEthernet1/0/2

 port link-mode bridge

 ip verify source ip-address mac-address

 ip source binding ip-address 192.168.0.3 mac-address 0001-0203-0405

#

·     Switch B:

#

interface GigabitEthernet1/0/1

 port link-mode bridge

 ip verify source ip-address

 ip source binding ip-address 192.168.0.2

#

interface GigabitEthernet1/0/2

 port link-mode bridge

 ip verify source ip-address mac-address

 ip source binding ip-address 192.168.0.1 mac-address 0001-0203-0406

#

Related documentation

·     IP source guard configuration in the security configuration guide for the device.

·     IP source guard commands in the security command reference for the device.

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网