Dynamic binding function configuration example, Network requirements – H3C Technologies H3C WX6000 Series Access Controllers User Manual
Page 290

26-4
[AC-GigabitEthernet0/0/1] user-bind ip-address 192.168.0.1 mac-address 0001-0203-0406
2) Configure
Switch
# Configure the IP addresses of various interfaces (omitted).
# Configure port GigabitEthernet 1/0/1 of Switch to allow only IP packets with the source MAC address
of 00-01-02-03-04-06 and the source IP address of 192.168.0.1 to pass.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] user-bind ip-address 192.168.0.1 mac-address 0001-0203-0406
[Switch-GigabitEthernet1/0/1] quit
# Configure port GigabitEthernet 1/0/2 of Switch to allow only IP packets with the source MAC address
of 00-01-02-03-04-07 and the source IP address of 192.168.0.2 to pass.
[Switch] interface gigabitethernet 1/0/2
[Switch-GigabitEthernet1/0/2] user-bind ip-address 192.168.0.2 mac-address 0001-0203-0407
3) Verify the configuration
# On AC, static binding entries are configured successfully.
The following user address bindings have been configured:
MAC IP Vlan Port Status
0001-0203-0405 192.168.0.3 N/A GigabitEthernet0/0/2 Static
0001-0203-0406 192.168.0.1 N/A GigabitEthernet0/0/1 Static
------------------2 binding entries queried, 2 listed------------------
# On Switch, static binding entries are configured successfully.
The following user address bindings have been configured:
MAC IP Vlan Port Status
0001-0203-0406 192.168.0.1 N/A GigabitEthernet1/0/1 Static
0001-0203-0407 192.168.0.2 N/A GigabitEthernet1/0/2 Static
------------------2 binding entries queried, 2 listed------------------
Dynamic Binding Function Configuration Example
Network requirements
AC connects to Client and DHCP Server through GigabitEthernet 0/0/1 and GigabitEthernet 0/0/2
respectively. DHCP Snooping is enabled on AC.
Detailed requirements are as follows:
z
Client (with the MAC address of 00-01-02-03-04-06) obtains an IP address through the DHCP
Server.
z
On AC, create the DHCP Snooping entry of Client.
z
On port GigabitEthernet 0/0/1 of AC, enable dynamic binding function to prevent attacks from using
forged IP addresses to attack the server.