No relevant resource is found in the selected language.
Enterprise
Worldwide
Search
Support Documentation
S7700 V200R019C10 Web-based Configuration Guide

This document describes how to configure and maintain devices through the web NMS client, including device status statistics, SVF, interface, Ethernet switching, IP service, IP routing, security, ACL, AAA, system management, QoS, WLAN, diagnosis service, and EasyDeploy.

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
IP Security

IP Security

DHCP Snooping

Context

DHCP snooping allows clients to obtain IP addresses from authorized DHCP servers. The device with DHCP snooping enabled can generate binding entries based on the IP and MAC addresses of DHCP clients.

Procedure

  1. Choose Configuration > Security Services > IP Security and click the DHCP Snooping tab, as shown in Figure 5-208.

    Figure 5-208 DHCP snooping configuration

  2. Turn on Global status to enable DHCP snooping globally.

    By default, DHCP snooping is not enabled globally.

  3. Click New and select a trusted interface in the displayed dialog box.
  4. Click Apply to configure the selected interface as a trusted interface.
  5. Click a record in VLAN List to edit its DHCP snooping status. Turn on DHCP Snooping Status and click to complete the configuration.

    You can also select multiple records and click Enable or Disable to set DHCP snooping status in a batch.

  6. Choose Configuration > Security Services > IP Security > DHCP Snooping and click the Interface List tab, as shown in Figure 5-209.

    Figure 5-209 Interface List tab page

  7. Select an interface on the Interface List tab page and edit its DHCP snooping status. Turn on DHCP Snooping Status and click to complete the configuration.

IPSG

Procedure

  1. Choose Configuration > Security Services > IP Security and click the IPSG tab, as shown in Figure 5-210.

    Figure 5-210 IPSG Configuration

  2. Select a port to be configured. Perform the following operations as required in the port area:

    • Click a port icon. To deselect the port, click the port icon again.
    • Drag the cursor to select consecutive ports in a batch.
    • Click multiple port icons to select these ports, and click a port icon again to deselect the port.
    • Select a slot where an LPU is located. All ports on the LPU are selected.

  3. Turn on IPSG status.
  4. Select an IP packet check item from IPSG matching option.
  5. Click Apply to complete the configuration.

DAI

Procedure

  1. Choose Configuration > Security Services > IP Security and click the DAI tab, as shown in Figure 5-211.

    Figure 5-211 DAI Configuration

  2. Select a port to be configured. Perform the following operations as required in the port area:

    • Click a port icon. To deselect the port, click the port icon again.
    • Drag the cursor to select consecutive ports in a batch.
    • Click multiple port icons to select these ports, and click a port icon again to deselect the port.
    • Select a slot where an LPU is located. All ports on the LPU are selected.

  3. Turn on DAI status.
  4. Select an ARP packet check item from DAI matching option.
  5. Click Apply to complete the configuration.

Static Binding Table

Context

IPSG based on a static binding table filters out IP packets received by untrusted interfaces, to prevent network access from malicious hosts using stolen IP addresses.

Procedure

  • Create a static binding entry.
    1. Choose Configuration > Security Services > IP Security and click the Static Binding Table tab, as shown in Figure 5-212.

      Figure 5-212 Static Binding Table

    2. Click Create to open the Create a Binging Entry page, as shown in Figure 5-213.

      Figure 5-213 Create a Binging Entry

      Table 5-112 describes parameters on the displayed page.
      Table 5-112 Create a Binging Entry

      Parameter

      Description

      Interface name

      Indicates the interface connected to user.

      VLAN ID

      Specifies the ID of a user VLAN. The value ranges from 1 to 4094.

      MAC address

      Indicates the MAC address of a user.

      IP address

      Specifies the static IP address of a user.

    3. Set the required parameters.
    4. Click OK.
  • Delete a static binding entry.
    1. Choose Configuration > Security Services > IP Security and click the Static Binding Table tab, as shown in Figure 5-212.
    2. Select a record that you want to delete and click Delete. The system asks you whether to delete the record.
    3. Click OK.

Dynamic Binding Table

Procedure

  1. Choose Configuration > Security Services > IP Security and click the Dynamic Binding Table tab, as shown in Figure 5-214.

    Figure 5-214 Dynamic Binding Table

  2. Click Refresh to update dynamic binding entries.

One-Click Binding

Context

After one-click binding is configured, the switch can generate static user binding entries based on ARP entry information. This function improves efficiency of user static binding entry creation.

Procedure

  • Configure static user binding entries based on ARP entry information.
    1. Choose Configuration > Security Services > IP Security > One-Click Binding. The One-Click Binding page is displayed, as shown in Figure 5-215.

      Figure 5-215 One-Click Bind

    2. To bind one static user binding entry based on ARP entry, click Bind; to bind multiple static user binding entries based on ARP entries, select the entries you want to bind and click One-Click Bind.
  • Delete the user static binding entries generated based on ARP entries.
    1. Choose Configuration > Security Services > IP Security > One-Click Binding. The One-Click Binding page is displayed, as shown in Figure 5-215.
    2. To unbind one static user binding entry, click Unbind; to unbind multiple static user binding entries, select the entries you want to unbind and click One-Click unbind.
Translation
简体中文
Download
Updated: 2022-05-20

Document ID: EDOC1100126882

Views: 155727

Downloads: 138

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :