FAQ-S2700 IP+MAC绑定

发布时间:  2015-02-15 浏览次数:  1044 下载次数:  0
问题描述

S2700 IP+MAC绑定。

解决方案

以下通过示例介绍如何配置基于静态绑定表的IPSG。

# 添加一条静态绑定表项(源IP为192.168.1.1、源MAC为0003-0003-0003),并在接口GE0/0/1上使能IPSG功能。

<HUAWEI> system-view
[HUAWEI] user-bind static ip-address 192.168.1.1 mac-address 0003-0003-0003
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] ip source check user-bind enable

# 添加一条静态绑定表项(源IP为192.168.2.1、源MAC为0002-0002-0002、接口为GE0/0/1、VLAN ID为10),并在VLAN10上使能IPSG功能。

<HUAWEI> system-view
[HUAWEI] user-bind static ip-address 192.168.2.1 mac-address 0002-0002-0002 interface gigabitethernet 0/0/1 vlan 10
[HUAWEI] vlan 10
[HUAWEI-vlan10] ip source check user-bind enable

以下通过示例介绍如何配置基于DHCP Snooping动态绑定表的IPSG。


# 配置DHCP Snooping功能,指定GE0/0/1为信任接口,并在GE1/0/2上使能IPSG。

<HUAWEI> system-view
[HUAWEI] dhcp enable
[HUAWEI] dhcp snooping enable
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] dhcp snooping trusted
[HUAWEI-GigabitEthernet0/0/1] quit
[HUAWEI] interface gigabitethernet 1/0/2
[HUAWEI-GigabitEthernet1/0/2] dhcp snooping enable
[HUAWEI-GigabitEthernet1/0/2] ip source check user-bind enable

# 配置DHCP Snooping功能,指定GE0/0/1为信任接口,并在VLAN10上使能IPSG。

<HUAWEI> system-view
[HUAWEI] vlan batch 10
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port link-type trunk
[HUAWEI-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[HUAWEI-GigabitEthernet0/0/1] quit
[HUAWEI] dhcp enable
[HUAWEI] dhcp snooping enable
[HUAWEI] vlan 10
[HUAWEI-vlan10] dhcp snooping enable
[HUAWEI-vlan10] dhcp snooping trusted interface gigabitethernet 0/0/1
[HUAWEI-vlan10] ip source check user-bind enable
 

END