No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S1720GFR, S2700, S5700, and S6720 V200R010C00 Web-based Configuration Guide

This document describes the configuration and maintenance of device through the web network management system. The web network management system provides the functions of viewing device information and managing the entire system, interfaces, services, ACL, QoS, routes, security, and tools.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
IPSG

IPSG

IP Source Guard (IPSG) can prevent IP address spoofing attacks.

Context

IPSG implements source IP address filtering based on Layer 2 interfaces to prevent malicious hosts from posing as authorized hosts by using authorized hosts' IP addresses. In addition, IPSG prevents unauthorized hosts from accessing or attacking networks with the IP addresses configured by themselves.

IPSG Configuration

After IPSG is configured on an interface, the switch performs IPSG check on all packets received by this interface.

Context

IPSG checks IP packets on Layer 2 interfaces against a binding table that contains the bindings of source IP addresses, source MAC addresses, VLANs, and inbound interfaces. Only packets matching the binding table are forwarded, and other packets are discarded.

After IPSG is configured on an interface, the switch performs IPSG check on all packets received by this interface. You can specify the check items.

Procedure

  • Configure the IPSG function.
    1. Choose Security > IPSG > IPSG Configuration in the navigation tree to open the IPSG Configuration page, as shown in Figure 2-223.

      Figure 2-223  IPSG Configuration

    2. Select an interface and click Configure to open the IPSG Configuration page, as shown in Figure 2-224.

      Figure 2-224  Configuring IPSG on interface

      Table 2-130 describes the parameters on the page.

      Table 2-130  Configuring IPSG on interface

      Parameter

      Description

      Interface name

      Indicates the interface where the IPSG function will be configured.

      IPSG status

      Indicates the IPSG status on the interface, including enabled and disabled.

      IPSG binding type

      Indicates the IP packet check items, including:
      • IP
      • MAC
      • VLAN
      • IP+MAC
      • IP+VLAN
      • MAC+VLAN
      • IP+MAC+VLAN

    3. Set the required parameters.
    4. Click OK to complete the configuration.
  • Update the IPSG information on the interface.
    1. Choose Security > IPSG > IPSG Configuration in the navigation tree to open the IPSG Configuration page.
    2. Click Refresh to update the IPSG information on the interface.
  • Query the IPSG information on the interface.
    1. Choose Security > IPSG > IPSG Configuration in the navigation tree to open the IPSG Configuration page.
    2. In the Query area, select an interface type and enter the interface number, and click Query.
    3. Click Detail to view detailed IPSG information.

Static User Binding

Static user binding entries are configured manually.

Context

IPSG based on a static binding table filters IP packets received by untrusted interfaces, to prevent malicious hosts from stealing authorized hosts' IP addresses to access the network without permission.

IPSG based on a static binding table is applicable to a LAN where a small number of hosts reside and the hosts use static IP addresses.

Procedure

  • Create a static user binding entry.
    1. Choose Security > IPSG > Static User Binding to open the Static User Binding page, as shown in Figure 2-225.

      Figure 2-225  Static User Binding

      Table 2-131 describes the parameters on the page.

      Table 2-131  Static User Binding

      Parameter

      Description

      Interface Name

      Indicates the interface through which a user goes online.

      MAC

      Indicates the MAC address of a user.

      IPv4/IPv6

      Indicates the IPv4/IPv6 address of the user.

      VLAN ID

      Indicates the ID of a user VLAN.

    2. Click Create to open the Create a Static User Binding page, as shown in Figure 2-226.

      Figure 2-226  Create a Static User Binding

      Table 2-132 describes the parameters on the page.

      Table 2-132  Create a Static User Binding

      Parameter

      Description

      Binding mode

      Indicates the mode of the static user binding entry.

      Interface name

      Indicates the interface through which a user goes online.

      VLAN ID

      Indicates the ID of a user VLAN.

      MAC

      Indicates the MAC address of a user.

      IPv4

      Indicates the IPv4 address of the user.

      IPv6

      Indicates the IPv6 address of the user.

    3. Set the required parameters.
    4. Click OK to complete the configuration.
  • Delete a static user binding entry.
    1. Choose Security > IPSG > Static User Binding to open the Static User Binding page.
    2. Select a static user binding entry and click Delete.
  • Update static user binding entries.
    1. Choose Security > IPSG > Static User Binding to open the Static User Binding page.
    2. Click Refresh to update static user binding entries.
  • Query static user binding entries.
    1. Choose Security > IPSG > Static User Binding to open the Static User Binding page.
    2. In the Query area, select an interface type and enter the interface number, or select VLAN ID and enter a VLAN ID, and click Query.

One-Click Bind

The one-click binding function creates static user binding entries based on ARP entry information.

Context

After one-click binding is configured, the switch can generate static user binding entries based on ARP entry information. This function improves efficiency of user static binding entry creation.

Procedure

  • Configure static user binding entries based on ARP entry information.
    1. Choose Security > IPSG > One-Click Bind in the navigation tree to open the One-Click Bind page, as shown in Figure 2-227.

      Figure 2-227  One-Click Bind

      Table 2-133 describes the parameters on the page.

      Table 2-133  One-Click Bind

      Parameter

      Description

      Interface Name

      Indicates the interface in the user's ARP entry.

      VLAN ID

      Indicates the VLAN ID in the user's ARP entry.

      MAC Address

      Indicates the MAC address in the user's ARP entry.

      IP Address

      Indicates the IP address in the user's ARP entry.

      Binding Status

      Indicates the status of a static user binding entry generated according to ARP entry, including bound and not bound.

    2. To bind one static user binding entry based on ARP entry, click Bind; to bind multiple static user binding entries based on ARP entries, click One-Click Bind.
  • Delete the user static binding entries generated based on ARP entries.
    1. Choose Security > IPSG > One-Click Bind in the navigation tree to open the One-Click Bind page.
    2. To unbind one static user binding entry, click Unbind; to unbind multiple static user binding entries, click One-Click unbind.
  • Update the ARP entries and static user binding entries generated based on ARP entries.
    1. Choose Security > IPSG > One-Click Bind in the navigation tree to open the One-Click Bind page.
    2. Click Refresh to update the ARP entries and static user binding entries generated based on ARP entries.
  • Query ARP entries.
    1. Choose Security > IPSG > One-Click Bind in the navigation tree to open the One-Click Bind page.
    2. In the Query area, select an interface type and enter the interface number, and click Query.
Translation
Download
Updated: 2019-04-18

Document ID: EDOC1000114003

Views: 37186

Downloads: 992

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next