H3C Technologies H3C S7500E Series Switches User Manual
| To do… | Use the command… | Remarks |
|---|---|---|
| Configure a static IP source guard binding entry | user-bind { ip-address ip-address \| ip-address ip-address mac-address mac-address \| mac-address mac-address } [ vlan vlan-id ] | Required. No static IP source guard binding entry exists by default. |
- The system does not support repeatedly binding the same static IP source guard binding entry to one port.
- The same static binding entry can be configured to multiple ports.
- In a valid IP source guard binding entry, the MAC address cannot be all 0s, all Fs (a broadcast address), or a multicast address, and the IP address can only be a Class A, Class B, or Class C address and can be neither 127.x.x.x nor 0.0.0.0.
- A static IP source guard binding entry can be configured on only Layer-2 Ethernet ports.
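The validity rules in the notes above can be checked on a list of planned static bindings before they are entered on a switch. The following Python script is an added example, not part of the H3C manual; the function names and sample entries are constructed for illustration, and it assumes MAC addresses are written as hyphen- or colon-separated hex.

```python
import ipaddress

def parse_mac(mac):
    """Accept H-H-H, colon- or hyphen-separated hex and return the 6 raw bytes."""
    digits = mac.replace("-", "").replace(":", "")
    if len(digits) != 12:
        raise ValueError("MAC address must have 12 hex digits")
    return bytes.fromhex(digits)  # raises ValueError on non-hex characters

def binding_problems(ip=None, mac=None):
    """Return the rules an entry breaks; an empty list means the entry is valid."""
    problems = []
    if ip is None and mac is None:
        problems.append("entry needs an IP address, a MAC address, or both")
    if ip is not None:
        try:
            addr = ipaddress.IPv4Address(ip)
        except ValueError:
            problems.append(f"{ip}: not an IPv4 address")
        else:
            first_octet = int(addr) >> 24
            if int(addr) == 0:
                problems.append("IP address is 0.0.0.0")
            elif first_octet == 127:
                problems.append("IP address is in 127.x.x.x")
            elif first_octet >= 224:  # Class D (multicast) and Class E
                problems.append("IP address is not Class A, B or C")
    if mac is not None:
        try:
            raw = parse_mac(mac)
        except ValueError as exc:
            problems.append(f"{mac}: {exc}")
        else:
            if raw == bytes(6):
                problems.append("MAC address is all 0s")
            elif raw == b"\xff" * 6:
                problems.append("MAC address is all Fs (broadcast)")
            elif raw[0] & 0x01:  # I/G bit set in the first octet
                problems.append("MAC address is multicast")
    return problems

if __name__ == "__main__":
    # Constructed sample entries, not taken from the manual.
    samples = [("192.168.0.1", "0001-0203-0405"), ("127.0.0.1", None),
               ("224.0.0.5", "0100-5e00-0005"), (None, "ffff-ffff-ffff")]
    for ip, mac in samples:
        print(ip, mac, binding_problems(ip, mac) or "valid")
```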
Configuring the Dynamic IP Source Guard Binding Function
After the dynamic IP source guard binding function is enabled on a port, IP source guard will
obtain binding entries through cooperation with DHCP protocols.
- Cooperating with DHCP snooping, IP source guard will automatically obtain the DHCP snooping entries that are generated during dynamic IP address allocation on a Layer 2 Ethernet port.
- Cooperating with DHCP Relay, IP source guard will automatically obtain the DHCP Relay entries that are generated during dynamic IP address allocation across network segments on a VLAN interface.
These dynamically obtained IP source guard binding entries contain such information as MAC
address, IP address, VLAN tag, port information and entry type. IP source guard applies these
binding entries to the port, so that the port can filter packets according to the IP source guard
binding entries.
Follow these steps to configure port filtering:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter interface view | interface interface-type interface-number | — |