Contents
display ip-mac binding statistics
ip-mac binding enable (interface view)
ip-mac binding enable (system view)
ip-mac binding no-match action deny
reset ip-mac binding statistics
IP-MAC binding commands
display ip-mac binding ipv4
Use display ip-mac binding ipv4 to display IPv4-MAC binding entries.
Syntax
display ip-mac binding ipv4 [ ipv4-address ] [ mac-address mac-address ] [ vlan vlan-id | vpn-instance vpn-instance-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
ipv4-address: Specifies an IPv4 address. The IPv4 address cannot be all 0s, a multicast address, or a loopback address. If you do not specify an IPv4 address, this command displays IPv4-MAC binding entries for all IPv4 addresses.
mac-address mac-address: Specifies a MAC address in the format of H-H-H. The MAC address cannot be all 0s, all Fs (a broadcast MAC address), or a multicast address. If you do not specify a MAC address, this command displays IPv4-MAC binding entries for all MAC addresses.
vlan vlan-id: Specifies a VLAN ID in the range of 1 to 4094. If you do not specify a VLAN, this command displays IPv4-MAC binding entries for all VLANs.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. The specified VPN must already exist. If you do not specify a VPN instance, this command displays IPv4-MAC binding entries for the public network.
Examples
# Display IPv4-MAC binding entries.
<Sysname> display ip-mac binding ipv4
Total entries: 1
IP address MAC address VPN instance VLAN ID
1.1.1.1 0000-0000-0001 -- N/A
Table 1 Command output
Field | Description |
---|---|
Total entries | Total number of IPv4-MAC binding entries. |
IP address | IPv4 address in the IPv4-MAC binding entry. |
MAC address | MAC address in the IPv4-MAC binding entry. |
VPN instance | Name of the VPN instance to which the IPv4-MAC binding entry belongs. If the binding entry belongs to the public network, this field displays hyphens (--). |
VLAN ID | VLAN to which the IPv4-MAC binding entry belongs. |
Related commands
ip-mac binding ipv4
display ip-mac binding ipv6
Use display ip-mac binding ipv6 to display IPv6-MAC binding entries.
Syntax
display ip-mac binding ipv6 [ ipv6-address ] [ mac-address mac-address ] [ vlan vlan-id | vpn-instance vpn-instance-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
ipv6-address: Specifies an IPv6 address. The IPv6 address cannot be all 0s, a multicast address, or a loopback address. If you do not specify an IPv6 address, this command displays IPv6-MAC binding entries for all IPv6 addresses.
mac-address mac-address: Specifies a MAC address in the format of H-H-H. The MAC address cannot be all 0s, all Fs (a broadcast MAC address), or a multicast address. If you do not specify a MAC address, this command displays IPv6-MAC binding entries for all MAC addresses.
vlan vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094. If you do not specify a VLAN, this command displays IPv6-MAC binding entries for all VLANs.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. The specified VPN must already exist. If you do not specify a VPN instance, this command displays IPv6-MAC binding entries for the public network.
Examples
# Display IPv6-MAC binding entries.
<Sysname> display ip-mac binding ipv6
Total entries: 1
IP address MAC address VPN instance VLAN ID
10::10 0000-0000-0001 -- N/A
Table 2 Command output
Field | Description |
---|---|
Total entries | Total number of IPv6-MAC binding entries. |
IP address | IPv6 address in the IPv6-MAC binding entry. |
MAC address | MAC address in the IPv6-MAC binding entry. |
VPN instance | Name of the VPN instance to which the IPv6-MAC binding entry belongs. If the binding entry belongs to the public network, this field displays hyphens (--). |
VLAN ID | VLAN to which the IPv6-MAC binding entry belongs. |
Related commands
ip-mac binding ipv6
display ip-mac binding statistics
Use display ip-mac binding statistics to display statistics about packets dropped by the IP-MAC binding feature.
Syntax
In standalone mode:
display ip-mac binding statistics [ slot slot-number [ cpu cpu-number ] ]
In IRF mode:
display ip-mac binding statistics [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays statistics about packets dropped by the IP-MAC binding feature for all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays statistics about packets dropped by the IP-MAC binding feature for all cards. (In IRF mode.)
cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.
Usage guidelines
When the deny action is set for packets that do not match any IP-MAC binding entries, this command displays statistics about the following packets:
· Packets that do not exactly match any IP-MAC binding entries.
· Packets that do not match any IP-MAC binding entries.
Examples
# (In standalone mode.) Display statistics about packets dropped by the IP-MAC binding feature on the specified slot.
<Sysname> display ip-mac binding statistics slot 1
Slot 1:
Statistics about dropped packets:
IPv4 drop statistics:
IPv4 ip-mac binding dropped packets because partial match ip: 3
IPv4 ip-mac binding dropped packets because partial match mac: 0
IPv4 ip-mac binding dropped packets because no match entry: 12
IPv6 drop statistics:
IPv6 ip-mac binding dropped packets because partial match ip: 0
IPv6 ip-mac binding dropped packets because partial match mac: 0
IPv6 ip-mac binding dropped packets because no match entry: 0
Table 3 Command output
Field | Description |
---|---|
IPv4 drop statistics | Number of IPv4 packets dropped by the IP-MAC binding feature. |
IPv4 ip-mac binding dropped packets because partial match ip | Number of IPv4 packets that were dropped because no matching IPv4-MAC binding entries were found for the source MAC address. |
IPv4 ip-mac binding dropped packets because partial match mac | Number of IPv4 packets that were dropped because no matching IPv4-MAC binding entry was found for the source IP address. |
IPv4 ip-mac binding dropped packets because no match entry | Number of IPv4 packets that were dropped because no matching IPv4-MAC binding entry was found for the source IP address and source MAC address. |
IPv6 drop statistics | Number of IPv6 packets dropped by the IP-MAC binding feature. |
IPv6 ip-mac binding dropped packets because partial match ip | Number of IPv6 packets that were dropped because no matching IPv6-MAC binding entries were found for the source MAC address. |
IPv6 ip-mac binding dropped packets because partial match mac | Number of IPv6 packets that were dropped because no matching IPv6-MAC binding entry was found for the source IP address. |
IPv6 ip-mac binding dropped packets because no match entry | Number of IPv6 packets that were dropped because no matching IPv6-MAC binding entry was found for the source IP address and source MAC address. |
Related commands
reset ip-mac binding statistics
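The following added example (not part of the vendor documentation) parses the drop-statistics output shown above and reports which counters grew between two polls, so that partial-match drops can be alerted on separately from no-match drops. It assumes the "Slot N:" header and line format of the page's standalone-mode example; the function names are hypothetical.

```python
import re

# Constructed sample: the page's example output for slot 1.
SAMPLE = """\
Slot 1:
Statistics about dropped packets:
IPv4 drop statistics:
IPv4 ip-mac binding dropped packets because partial match ip: 3
IPv4 ip-mac binding dropped packets because partial match mac: 0
IPv4 ip-mac binding dropped packets because no match entry: 12
IPv6 drop statistics:
IPv6 ip-mac binding dropped packets because partial match ip: 0
IPv6 ip-mac binding dropped packets because partial match mac: 0
IPv6 ip-mac binding dropped packets because no match entry: 0
"""

SLOT_RE = re.compile(r"^Slot\s+(\d+):\s*$")
DROP_RE = re.compile(
    r"^(IPv[46]) ip-mac binding dropped packets because (.+?):\s*(\d+)\s*$")

def parse_drop_stats(text):
    """Return {(slot, family, reason): count} from the command output."""
    stats, slot = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SLOT_RE.match(line)
        if m:
            slot = int(m.group(1))
            continue
        m = DROP_RE.match(line)
        if m:
            stats[(slot, m.group(1), m.group(2))] = int(m.group(3))
    return stats

def new_drops(before, after):
    """Counters that grew between two polls. A counter lower than before is
    treated as cleared (reset ip-mac binding statistics) and counted from 0."""
    grown = {}
    for key, now in after.items():
        prev = before.get(key, 0)
        delta = now - prev if now >= prev else now
        if delta:
            grown[key] = delta
    return grown

def partial_match_growth(grown):
    """Keep only partial-match reasons: a bound IP or MAC arrived with a
    counterpart that is not in its binding entry."""
    return {k: v for k, v in grown.items() if k[2].startswith("partial match")}

if __name__ == "__main__":
    print(parse_drop_stats(SAMPLE))
```
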
display ip-mac binding status
Use display ip-mac binding status to display the status of the IP-MAC binding feature.
Syntax
display ip-mac binding status
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Usage guidelines
This command displays the status of the IP-MAC binding feature and the default action for packets that do not match any IP-MAC binding entries.
Examples
# Display the status of the IP-MAC binding feature.
<Sysname> display ip-mac binding status
ip-mac binding: Disabled
ip-mac binding no-match action: Deny
Table 4 Command output
Field | Description |
---|---|
ip-mac binding | Status of the IP-MAC binding feature, Enabled or Disabled. |
ip-mac binding no-match action | The default action for packets that do not match any IP-MAC binding entries: · Permit—Forwards packets. · Deny—Drops packets. |
ip-mac binding enable (interface view)
Use ip-mac binding enable to enable the IP-MAC binding feature on an interface.
Use undo ip-mac binding enable to disable the IP-MAC binding feature on an interface.
Syntax
ip-mac binding enable
undo ip-mac binding enable
Default
The IP-MAC binding feature is disabled on an interface.
Views
Layer 3 Ethernet interface
Layer 3 Ethernet subinterface
VLAN interface
Layer 3 aggregate interface
Layer 3 aggregate subinterface
Predefined user roles
network-admin
context-admin
Usage guidelines
The IP-MAC binding feature on an interface takes effect only on incoming packets on the interface.
The interface-specific IP-MAC binding configuration takes precedence over the global IP-MAC binding configuration.
Examples
# Enable the IP-MAC binding feature on GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ip-mac binding enable
ip-mac binding enable (system view)
Use ip-mac binding enable to enable the IP-MAC binding feature globally.
Use undo ip-mac binding enable to disable the IP-MAC binding feature globally.
Syntax
ip-mac binding enable
undo ip-mac binding enable
Default
The IP-MAC binding feature is disabled globally.
Views
System view
Predefined user roles
network-admin
context-admin
Usage guidelines
The IP-MAC binding feature uses IP-MAC binding entries to match the source IP address and source MAC address in incoming packets:
· If both the source IP address and source MAC address match the same binding entry, the feature permits the packet.
· If only the source IP address or source MAC address matches a binding entry, the feature denies the packet.
· If the source IP address and the source MAC address match no binding entries, the feature processes the packet based on the specified action.
The IP-MAC binding entries are static. Therefore, this feature is applicable only to scenarios in which all users are statically assigned IP addresses. Using this feature in a network where users' IP addresses are dynamically assigned through DHCP might cause communication failure.
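The three match rules above, as an added Python model (not device code and not part of the vendor documentation) that replays constructed packets under both no-match actions. It assumes bindings are compared without VLAN or VPN scope, that every drop is counted, and that the counter names follow the reasons in Table 3; the class and function names are hypothetical.

```python
from collections import Counter

PERMIT, DENY = "permit", "deny"

class IpMacBindingModel:
    """Simplified model of the match rules above; ignores VLAN and VPN scope."""

    def __init__(self, no_match_action=PERMIT):   # page default is permit
        self.no_match_action = no_match_action
        self.ip_to_mac = {}                       # an IP binds to one MAC only
        self.drops = Counter()                    # keyed like the Table 3 reasons

    def bind(self, ip, mac):
        mac = mac.lower()
        if self.ip_to_mac.get(ip, mac) != mac:
            raise ValueError(f"{ip} is already bound to {self.ip_to_mac[ip]}")
        self.ip_to_mac[ip] = mac

    def check(self, src_ip, src_mac):
        src_mac = src_mac.lower()
        bound_mac = self.ip_to_mac.get(src_ip)
        if bound_mac == src_mac:                  # both match the same entry
            return PERMIT
        if bound_mac is not None:                 # IP is bound, MAC differs
            self.drops["partial match ip"] += 1
            return DENY
        if src_mac in self.ip_to_mac.values():    # MAC is bound, IP is not
            self.drops["partial match mac"] += 1
            return DENY
        if self.no_match_action == DENY:          # neither field is bound
            self.drops["no match entry"] += 1
        return self.no_match_action

# Constructed sample traffic: (source IP, source MAC)
PACKETS = [
    ("192.168.0.1", "0001-0001-0001"),   # exact match
    ("192.168.0.1", "0002-0002-0002"),   # bound IP, foreign MAC
    ("192.168.0.9", "0001-0001-0001"),   # bound MAC, foreign IP
    ("192.168.0.9", "0002-0002-0002"),   # matches nothing
]

def replay(no_match_action):
    model = IpMacBindingModel(no_match_action)
    model.bind("192.168.0.1", "0001-0001-0001")   # entry from the page's example
    verdicts = [model.check(ip, mac) for ip, mac in PACKETS]
    return verdicts, dict(model.drops)

if __name__ == "__main__":
    for action in (PERMIT, DENY):
        print(action, *replay(action))
```

With the default permit action only the two partial matches are dropped, so a host whose IP and MAC both fall outside the binding table still passes until the no-match action is set to deny.
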
Examples
# Enable the IP-MAC binding feature globally.
<Sysname> system-view
[Sysname] ip-mac binding enable
ip-mac binding interface
Use ip-mac binding interface to generate IP-MAC binding entries based on existing ARP and ND entries on an interface.
Syntax
ip-mac binding interface interface-type interface-number
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
interface-type interface-number: Specifies an interface by its type and number. The interface must be a Layer 3 Ethernet interface or subinterface, Layer 3 aggregate interface or subinterface, Reth interface or subinterface, or VLAN interface.
Usage guidelines
Use this command to generate IP-MAC binding entries based on existing ARP entries and ND entries on an interface. If the newly generated IP-MAC binding entries conflict with the existing IP-MAC binding entries, the device retains the existing entries.
To generate IP-MAC binding entries based on ARP entries and ND entries newly added after the command execution, re-execute this command.
To delete IPv4-MAC binding entries generated by using this command, use the undo ip-mac binding ipv4 command. To delete IPv6-MAC binding entries generated by using this command, use the undo ip-mac binding ipv6 command.
IP-MAC binding entries are static. Therefore, the binding entries generated by using this command are not updated when the relevant ARP or ND entries change.
Examples
# Generate IP-MAC binding entries based on existing ARP and ND entries on GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] ip-mac binding interface gigabitethernet 1/0/1
ip-mac binding ipv4
Use ip-mac binding ipv4 to create an IPv4-MAC binding entry.
Use undo ip-mac binding ipv4 to delete IPv4-MAC binding entries.
Syntax
ip-mac binding ipv4 ipv4-address mac-address mac-address [ vlan vlan-id | vpn-instance vpn-instance-name ]
undo ip-mac binding ipv4 { all | ipv4-address mac-address mac-address [ vlan vlan-id | vpn-instance vpn-instance-name ] }
Default
No IPv4-MAC binding entries are configured.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
ipv4-address: Specifies an IPv4 address. The IPv4 address cannot be all 0s, a multicast address, or a loopback address.
mac-address mac-address: Specifies a MAC address in the format of H-H-H. The MAC address cannot be all 0s, all Fs (a broadcast MAC address), or a multicast address.
vlan vlan-id: Specifies a VLAN ID in the range of 1 to 4094.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. For the configuration to take effect, the specified MPLS L3VPN instance must already exist. If you do not specify a VPN instance, the IPv4-MAC binding entry belongs to the public network.
all: Specifies all IPv4-MAC binding entries.
Usage guidelines
A MAC address can be bound to multiple IPv4 addresses. However, an IPv4 address can be bound to only one MAC address. To bind an IPv4 address in a binding entry to another MAC address, you must delete the existing binding entry, and then create the new binding entry.
IPv4-MAC binding entries created by using this command are globally effective.
The device supports a maximum of 1024 IPv4-MAC binding entries.
Examples
# Create an IPv4-MAC binding entry to permit packets with source IPv4 address 192.168.0.1 and source MAC address 0001-0001-0001.
<Sysname> system-view
[Sysname] ip-mac binding ipv4 192.168.0.1 mac-address 0001-0001-0001
Related commands
display ip-mac binding ipv4
ip-mac binding ipv6
Use ip-mac binding ipv6 to create an IPv6-MAC binding entry.
Use undo ip-mac binding ipv6 to delete IPv6-MAC binding entries.
Syntax
ip-mac binding ipv6 ipv6-address mac-address mac-address [ vlan vlan-id | vpn-instance vpn-instance-name ]
undo ip-mac binding ipv6 { all | ipv6-address mac-address mac-address [ vlan vlan-id | vpn-instance vpn-instance-name ] }
Default
No IPv6-MAC binding entries are configured.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
ipv6-address: Specifies an IPv6 address. The IPv6 address cannot be all 0s, a multicast address, or a loopback address.
mac-address mac-address: Specifies a MAC address in the format of H-H-H. The MAC address cannot be all 0s, all Fs (a broadcast MAC address), or a multicast address.
vlan vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. For the configuration to take effect, the specified MPLS L3VPN instance must already exist. If you do not specify a VPN instance, the IPv6-MAC binding entry belongs to the public network.
all: Specifies all IPv6-MAC binding entries.
Usage guidelines
A MAC address can be bound to multiple IPv6 addresses. However, an IPv6 address can be bound to only one MAC address. To bind an IPv6 address in a binding entry to another MAC address, you must delete the existing binding entry and then create the new binding entry.
IPv6-MAC binding entries created by using this command are globally effective.
The device supports a maximum of 1024 IPv6-MAC binding entries.
Examples
# Create an IPv6-MAC binding entry to permit packets with source IPv6 address 2012::12:25 and source MAC address 0001-0001-0001.
<Sysname> system-view
[Sysname] ip-mac binding ipv6 2012::12:25 mac-address 0001-0001-0001
Related commands
display ip-mac binding ipv6
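The parameter rules and usage guidelines of ip-mac binding ipv4 and ip-mac binding ipv6 can be checked offline before entries are pushed to a device. The following added example (not part of the vendor documentation) validates a planned binding list and emits the commands for the rows that pass; it assumes the four-hex-digit H-H-H form used in the page's examples, counts the 1024-entry limit per address family, and uses hypothetical function names.

```python
import ipaddress
import re

MAX_ENTRIES = 1024      # page limit, tracked here per address family
MAC_RE = re.compile(r"^[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}$", re.I)

def check_mac(mac):
    """Return the MAC in lower case or raise ValueError (rules from the page)."""
    if not MAC_RE.match(mac):
        raise ValueError("MAC address is not in H-H-H format")
    value = int(mac.replace("-", ""), 16)
    if value == 0:
        raise ValueError("MAC address is all 0s")
    if value == 0xFFFFFFFFFFFF:
        raise ValueError("MAC address is all Fs (broadcast)")
    if (value >> 40) & 1:               # group bit of the first octet
        raise ValueError("MAC address is multicast")
    return mac.lower()

def check_ip(text):
    ip = ipaddress.ip_address(text)     # ValueError on malformed input
    if ip.is_unspecified or ip.is_multicast or ip.is_loopback:
        raise ValueError("IP address is all 0s, multicast, or loopback")
    return ip

def build_commands(plan):
    """plan: (ip, mac, vlan or None) tuples. Returns (commands, errors)."""
    commands, errors, bound, count = [], [], {}, {4: 0, 6: 0}
    for ip_text, mac_text, vlan in plan:
        try:
            ip, mac = check_ip(ip_text), check_mac(mac_text)
            if vlan is not None and not 1 <= vlan <= 4094:
                raise ValueError("VLAN ID is outside 1 to 4094")
            if ip in bound:             # an IP may bind to one MAC only
                raise ValueError(f"IP address already bound to {bound[ip]}")
            if count[ip.version] >= MAX_ENTRIES:
                raise ValueError(f"more than {MAX_ENTRIES} IPv{ip.version} entries")
        except ValueError as exc:
            errors.append(f"{ip_text} {mac_text}: {exc}")
            continue
        bound[ip] = mac
        count[ip.version] += 1
        vlan_part = f" vlan {vlan}" if vlan is not None else ""
        commands.append(
            f"ip-mac binding ipv{ip.version} {ip} mac-address {mac}{vlan_part}")
    return commands, errors

# Constructed sample plan; the first two rows reuse the page's example values.
SAMPLE_PLAN = [
    ("192.168.0.1", "0001-0001-0001", None),
    ("2012::12:25", "0001-0001-0001", None),
    ("192.168.0.2", "0001-0001-0001", 10),     # one MAC, several IPs: allowed
    ("192.168.0.1", "0002-0002-0002", None),   # second MAC for a bound IP
    ("224.0.0.5", "0003-0003-0003", None),     # multicast IP
    ("192.168.0.3", "0100-5e00-0001", None),   # multicast MAC
    ("192.168.0.4", "ffff-ffff-ffff", None),   # broadcast MAC
]
```
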
ip-mac binding no-match action deny
Use ip-mac binding no-match action deny to set the default action to deny for packets that do not match any IP-MAC binding entries.
Use undo ip-mac binding no-match action deny to restore the default.
Syntax
ip-mac binding no-match action deny
undo ip-mac binding no-match action deny
Default
The default action for packets that do not match any IP-MAC binding entries is permit.
Views
System view
Predefined user roles
network-admin
context-admin
Usage guidelines
Use this command to permit only packets with both source IP address and source MAC address matching the same binding entry.
Examples
# Set the default action to deny for packets that do not match any IP-MAC binding entries.
<Sysname> system-view
[Sysname] ip-mac binding no-match action deny
reset ip-mac binding statistics
Use reset ip-mac binding statistics to clear statistics about packets dropped by the IP-MAC binding feature.
Syntax
In standalone mode:
reset ip-mac binding statistics [ slot slot-number [ cpu cpu-number ] ]
In IRF mode:
reset ip-mac binding statistics [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears statistics about packets dropped by the IP-MAC binding feature on all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command clears statistics about packets dropped by the IP-MAC binding feature on all cards. (In IRF mode.)
cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.
Examples
# (In standalone mode.) Clear statistics about packets dropped by the IP-MAC binding feature on the specified slot.
<Sysname> reset ip-mac binding statistics slot 1
Related commands
display ip-mac binding statistics