Dynamic binding function configuration example, Network requirements – H3C Technologies H3C S5120 Series Switches User Manual


[SwitchA-GigabitEthernet1/0/2] quit

# Configure port GigabitEthernet 1/0/1 of Switch A to allow only IP packets with the source MAC address of 00-01-02-03-04-06 and the source IP address of 192.168.0.1 to pass.

[SwitchA] interface gigabitethernet 1/0/1

[SwitchA-GigabitEthernet1/0/1] user-bind ip-address 192.168.0.1 mac-address 0001-0203-0406

2) Configure Switch B

# Configure the IP addresses of various interfaces (omitted).

# Configure port GigabitEthernet 1/0/2 of Switch B to allow only IP packets with the source MAC address of 00-01-02-03-04-06 and the source IP address of 192.168.0.1 to pass.

<SwitchB> system-view

[SwitchB] interface gigabitethernet 1/0/2

[SwitchB-GigabitEthernet1/0/2] user-bind ip-address 192.168.0.1 mac-address 0001-0203-0406

[SwitchB-GigabitEthernet1/0/2] quit

# Configure port GigabitEthernet 1/0/1 of Switch B to allow only IP packets with the source MAC address of 00-01-02-03-04-07 and the source IP address of 192.168.0.2 to pass.

[SwitchB] interface gigabitethernet 1/0/1

[SwitchB-GigabitEthernet1/0/1] user-bind ip-address 192.168.0.2 mac-address 0001-0203-0407

3) Verify the configuration

# On Switch A, static binding entries are configured successfully.

<SwitchA> display user-bind

Total entries found: 2

 MAC             IP           Vlan  Port                  Status
 0001-0203-0405  192.168.0.3  N/A   GigabitEthernet1/0/2  Static
 0001-0203-0406  192.168.0.1  N/A   GigabitEthernet1/0/1  Static

# On Switch B, static binding entries are configured successfully.

<SwitchB> display user-bind

Total entries found: 2

 MAC             IP           Vlan  Port                  Status
 0001-0203-0406  192.168.0.1  N/A   GigabitEthernet1/0/2  Static
 0001-0203-0407  192.168.0.2  N/A   GigabitEthernet1/0/1  Static
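
An added example, not part of the H3C manual: a Python check that parses the display user-bind output shown above for Switch B and compares it with the intended bindings, normalising the two MAC notations this page uses (00-01-02-03-04-06 in the text, 0001-0203-0406 on the CLI). The function names and the expected-binding list are assumptions made for this illustration.

```python
import re

# Output copied from the "display user-bind" step on Switch B above.
SWITCH_B_OUTPUT = """\
Total entries found: 2
MAC IP Vlan Port Status
0001-0203-0406 192.168.0.1 N/A GigabitEthernet1/0/2 Static
0001-0203-0407 192.168.0.2 N/A GigabitEthernet1/0/1 Static
"""

# Intended bindings for Switch B, written the way the prose states them
# (hyphen-per-byte MACs, spaced port names). Assumed inventory format.
SWITCH_B_EXPECTED = [
    ("00-01-02-03-04-06", "192.168.0.1", "GigabitEthernet 1/0/2"),
    ("00-01-02-03-04-07", "192.168.0.2", "GigabitEthernet 1/0/1"),
]

def norm_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_user_bind(text):
    """Return {(mac, ip, port)} from 'display user-bind' output."""
    entries = set()
    declared = None
    for line in text.splitlines():
        m = re.match(r"\s*Total entries found:\s*(\d+)", line)
        if m:
            declared = int(m.group(1))
            continue
        f = line.split()
        # Data rows: MAC IP Vlan Port Status, MAC in xxxx-xxxx-xxxx form.
        if len(f) == 5 and re.fullmatch(r"[0-9a-fA-F]{4}(-[0-9a-fA-F]{4}){2}", f[0]):
            entries.add((norm_mac(f[0]), f[1], f[3]))
    if declared is not None and declared != len(entries):
        raise ValueError(f"header says {declared} entries, parsed {len(entries)}")
    return entries

def audit(text, expected):
    """Compare live bindings with the intended ones; return (missing, unexpected)."""
    want = {(norm_mac(m), ip, port.replace(" ", "")) for m, ip, port in expected}
    have = parse_user_bind(text)
    return sorted(want - have), sorted(have - want)

if __name__ == "__main__":
    print(audit(SWITCH_B_OUTPUT, SWITCH_B_EXPECTED))
```

Two empty lists mean every intended binding is present and no extra static entry has been left on a port.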

Dynamic Binding Function Configuration Example

Network requirements

As shown in Figure 1-2, Switch A connects to Client A and the DHCP server through ports GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 respectively. DHCP snooping is enabled on Switch A.

Detailed requirements are as follows:

• Client A (with the MAC address of 00-01-02-03-04-06) obtains an IP address through the DHCP server.

• On Switch A, create a DHCP snooping entry for Client A.

• On port GigabitEthernet 1/0/1 of Switch A, enable the dynamic binding function to prevent attackers from using forged IP addresses to attack the server.
