FAQ-S7706 配置user-bind static 进行 ip+mac+接口绑定,不是属于绑定表的PC,接入该接口,S7706也能够ping通PC,是否正常

发布时间:  2016-02-16 浏览次数:  297 下载次数:  0
问题描述

S7706 配置user-bind static 进行 ip+mac+接口绑定,不是属于绑定表的PC,接入该接口,S7706也能够ping通PC,是否正常?

<QQXX_HEXIN_S7706>dis cur | in user-bin
user-bind static ip-address 192.168.1.121 mac-address 0016-ece3-e223 interface GigabitEthernet2/0/24
ip source check user-bind enable
<QQXX_HEXIN_S7706>dis arp all | in 192.168.1.121
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE        INTERFACE   VPN-INSTANCE
                                       
VLAN/CEVLAN
------------------------------------------------------------------------------
192.168.1.121   0016-ece3-e327  12        D-0         GE2/0/24
------------------------------------------------------------------------------
Total:263       Dynamic:249     Static:0     Interface:14  
<QQXX_HEXIN_S7706>sy   
Enter system view, return user view with Ctrl+Z.
[QQXX_HEXIN_S7706]int g2/0/24
[QQXX_HEXIN_S7706-GigabitEthernet2/0/24]dis thi
#
interface GigabitEthernet2/0/24
port link-type trunk
port trunk allow-pass vlan 2 to 4094
ip source check user-bind enable
#
return
[QQXX_HEXIN_S7706-GigabitEthernet2/0/24]
<QQXX_HEXIN_S7706>ping 192.168.1.121
 
PING 192.168.1.121: 56  data bytes, press CTRL_C to break
   
Reply from 192.168.1.121: bytes=56 Sequence=1 ttl=64 time=1 ms
  
Reply from 192.168.1.121: bytes=56 Sequence=2 ttl=64 time=1 ms
  
Reply from 192.168.1.121: bytes=56 Sequence=3 ttl=64 time=1 ms
  
Reply from 192.168.1.121: bytes=56 Sequence=4 ttl=64 time=1 ms
  
Reply from 192.168.1.121: bytes=56 Sequence=5 ttl=64 time=1 ms
 
--- 192.168.1.121 ping statistics ---
  
5 packet(s) transmitted
  
5 packet(s) received
  
0.00% packet loss
  
round-trip min/avg/max = 1/1/1 ms

解决方案

框式设备上,CPCAR的优先级要高于IPSG下发的deny规则,所以协议报文会直接通过,但是业务流量还是会被deny掉,S7706能够ping 通PC是正常现象。

 

END