Ip source guard configuration examples, Network requirements, Configuration procedure – H3C Technologies H3C S7500E Series Switches User Manual
Page 246
13-5
IP Source Guard Configuration Examples
Static IP Source Guard Binding Entry Configuration Example
Network requirements
As shown in
, Host A and Host B are connected to ports GigabitEthernet 2/0/2 and
GigabitEthernet 2/0/1 of Switch B respectively, Host C is connected to port GigabitEthernet
2/0/2 of Switch A, and Switch B is connected to port GigabitEthernet 2/0/1 of Switch A.
Configure static IP source guard binding entries on Switch A and Switch B to meet the following
requirements:
z
On port GigabitEthernet 2/0/2 of Switch A, only IP packets from Host C can pass.
z
On port GigabitEthernet 2/0/1 of Switch A, only IP packets from Host A can pass.
z
On port GigabitEthernet 2/0/2 of Switch B, only IP packets from Host A can pass.
z
On port GigabitEthernet 2/0/1 of Switch B, only IP packets from Host B can pass.
Figure 13-2 Network diagram for configuring static binding entries
Configuration procedure
1) Configure
Switch
A
# Configure port GigabitEthernet 2/0/2 of Switch A to allow only IP packets with the source MAC
address of 00-01-02-03-04-05 and the source IP address of 192.168.0.3 to pass.
[SwitchA] interface gigabitethernet 2/0/2
[SwitchA-GigabitEthernet2/0/2] user-bind ip-address 192.168.0.3 mac-address
0001-0203-0405
[SwitchA-GigabitEthernet2/0/2] quit
# Configure port GigabitEthernet 2/0/1 of Switch A to allow only IP packets with the source MAC
address of 00-01-02-03-04-06 and the source IP address of 192.168.0.1 to pass.
[SwitchA] interface gigabitethernet 2/0/1
[SwitchA-GigabitEthernet2/0/1] user-bind ip-address 192.168.0.1 mac-address
0001-0203-0406
2) Configure
Switch
B
# Configure the IP addresses of various interfaces (omitted).
# Configure port GigabitEthernet 2/0/2 of Switch B to allow only IP packets with the source MAC
address of 00-01-02-03-04-06 and the source IP address of 192.168.0.1 to pass.
[SwitchB] interface gigabitethernet 2/0/2