No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 13

The documents describe the configuration of various services supported by the CX11x&CX31x&CX91x series switch modules The description covers configuration examples and function configurations.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuration Examples

Configuration Examples

This section provides several IPSG configuration examples, including networking requirements and configuration roadmap.

Example for Configuring IPSG to Check Interface + IP + MAC Binding Entries

Networking Requirements

As shown in Figure 12-53, HostA and HostB are connected to 10GE1/17/1 and 10GE1/17/2 on the Switch Module respectively. It is required that HostB not forge the IP address and MAC address of HostA and IP packets from HostA be sent to the Server.

Figure 12-53 Networking diagram of configuring IPSG

Configuration Roadmap

Assume that the user is configured with an IP address statically. The configuration roadmap is as follows:

  1. Enable IP packet check on the interfaces connecting HostA and HostB.
  2. Configure static binding entries for users statically obtaining IP addresses.

This configuration example provides only the commands related to IP source guard.

Procedure

  1. Configure IP packet check.

    # Enable IP packet check on 10GE1/17/1 connected to HostA.

    <HUAWEI> system-view
    [~HUAWEI] sysname Switch
    [*HUAWEI] commit
    [~Switch] interface 10ge 1/17/1
    [~Switch-10GE1/17/1] ip source check user-bind enable

    # Enable the alarm function of IP packet check and set the alarm threshold on 10GE1/17/1 connected to HostA.

    [*Switch-10GE1/17/1] ip source check user-bind alarm enable
    [*Switch-10GE1/17/1] ip source check user-bind alarm threshold 200
    [*Switch-10GE1/17/1] quit

    # Enable IP packet check on 10GE1/17/2 connected to HostB.

    [*Switch] interface 10ge 1/17/2
    [*Switch-10GE1/17/2] ip source check user-bind enable

    # Enable the alarm function of IP packet check and set the alarm threshold on 10GE1/17/2 connected to HostB.

    [*Switch-10GE1/17/2] ip source check user-bind alarm enable
    [*Switch-10GE1/17/2] ip source check user-bind alarm threshold 200
    [*Switch-10GE1/17/2] quit

  2. Configure a static binding entry.

    # Configure HostA in the static binding table.

    [*Switch] user-bind static ip-address 10.0.0.1 mac-address 0001-0001-0001 interface 10ge 1/17/1
    [*Switch] commit

  3. Verify the configuration.

    Run the display user-bind static all command on Switch Module to check the binding table.

    [~Switch] display user-bind static all
    Flags: O - outer vlan, I - inner vlan, P - map vlan                             
    IP Address                      MAC Address     VSI/VLAN(O/I/P) Interface       
                                                                                    
    --------------------------------------------------------------------------------
    10.0.0.1                        0001-0001-0001  --  /--  /--    10GE1/17/1       
    --------------------------------------------------------------------------------
    Print count:           1          Total count:           1                      

    The command output indicates that HostA has been configured in the static binding table.

Configuration Files

Configuration file of Switch

#
sysname Switch
#
user-bind static ip-address 10.0.0.1 mac-address 0001-0001-0001 interface 10GE1/17/1
#
interface 10GE1/17/1
 ip source check user-bind enable
 ip source check user-bind alarm enable
 ip source check user-bind alarm threshold 200
#
interface 10GE1/17/2
 ip source check user-bind enable
 ip source check user-bind alarm enable
 ip source check user-bind alarm threshold 200
#
return
Translation
Download
Updated: 2019-12-13

Document ID: EDOC1000041694

Views: 59962

Downloads: 3623

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next