Ip source guard configuration examples, Static binding entry configuration example, Network requirements – H3C Technologies H3C WX6000 Series Access Controllers User Manual

Page 289: Network diagram, Configuration procedure

Advertising
background image

26-3

IP Source Guard Configuration Examples

Static Binding Entry Configuration Example

Network requirements

As shown in

Figure 26-1

, an access controller (AC), a switch and Hosts A, B and C are on an Ethernet.

Host A and Host B are connected to ports GigabitEthernet1/0/1 and GigabitEthernet 1/0/2 of the switch
respectively, Host C is connected to port GigabitEthernet 0/0/2 of the AC, while the switch is connected
to port GigabitEthernet 0/0/1 of the AC.

Detailed requirements are as follows:

z

On port GigabitEthernet 0/0/2 of AC, only IP packets with the source MAC address of
00-01-02-03-04-05 and the source IP address of 192.168.0.3 can pass.

z

On port GigabitEthernet 0/0/1 of AC, only IP packets with the source MAC address of
00-01-02-03-04-06 and the source IP address of 192.168.0.1 can pass.

z

On port GigabitEthernet 1/0/1 of Switch, only IP packets with the source MAC address of
00-01-02-03-04-06 and the source IP address of 192.168.0.1 can pass.

z

On port GigabitEthernet 1/0/2 of Switch, only IP packets with the source MAC address of
00-01-02-03-04-07 and the source IP address of 192.168.0.2 can pass.

Network diagram

Figure 26-1

Network diagram for configuring static binding entries

Configuration procedure

1) Configure

AC

# Configure the IP addresses of various interfaces (omitted).

# Configure port GigabitEthernet 0/0/2 of AC to allow only IP packets with the source MAC address of
00-01-02-03-04-05 and the source IP address of 192.168.0.3 to pass.

<AC> system-view

[AC] interface GigabitEthernet 0/0/2

[AC-GigabitEthernet0/0/2] user-bind ip-address 192.168.0.3 mac-address 0001-0203-0405

[AC-GigabitEthernet0/0/2] quit

# Configure port GigabitEthernet 0/0/1 of AC to allow only IP packets with the source MAC address of
00-01-02-03-04-06 and the source IP address of 192.168.0.1 to pass.

[AC] interface GigabitEthernet 0/0/1

Advertising
Popular Brands
Popular manuals