beautypg.com

Dynamic binding function configuration example, Network requirements – H3C Technologies H3C WX6000 Series Access Controllers User Manual

Page 290

background image

26-4

[AC-GigabitEthernet0/0/1] user-bind ip-address 192.168.0.1 mac-address 0001-0203-0406

2) Configure

Switch

# Configure the IP addresses of various interfaces (omitted).

# Configure port GigabitEthernet 1/0/1 of Switch to allow only IP packets with the source MAC address
of 00-01-02-03-04-06 and the source IP address of 192.168.0.1 to pass.

system-view

[Switch] interface gigabitethernet 1/0/1

[Switch-GigabitEthernet1/0/1] user-bind ip-address 192.168.0.1 mac-address 0001-0203-0406

[Switch-GigabitEthernet1/0/1] quit

# Configure port GigabitEthernet 1/0/2 of Switch to allow only IP packets with the source MAC address
of 00-01-02-03-04-07 and the source IP address of 192.168.0.2 to pass.

[Switch] interface gigabitethernet 1/0/2

[Switch-GigabitEthernet1/0/2] user-bind ip-address 192.168.0.2 mac-address 0001-0203-0407

3) Verify the configuration

# On AC, static binding entries are configured successfully.

display user-bind

The following user address bindings have been configured:

MAC IP Vlan Port Status

0001-0203-0405 192.168.0.3 N/A GigabitEthernet0/0/2 Static

0001-0203-0406 192.168.0.1 N/A GigabitEthernet0/0/1 Static

------------------2 binding entries queried, 2 listed------------------

# On Switch, static binding entries are configured successfully.

display user-bind

The following user address bindings have been configured:

MAC IP Vlan Port Status

0001-0203-0406 192.168.0.1 N/A GigabitEthernet1/0/1 Static

0001-0203-0407 192.168.0.2 N/A GigabitEthernet1/0/2 Static

------------------2 binding entries queried, 2 listed------------------

Dynamic Binding Function Configuration Example

Network requirements

AC connects to Client and DHCP Server through GigabitEthernet 0/0/1 and GigabitEthernet 0/0/2
respectively. DHCP Snooping is enabled on AC.

Detailed requirements are as follows:

z

Client (with the MAC address of 00-01-02-03-04-06) obtains an IP address through the DHCP
Server.

z

On AC, create the DHCP Snooping entry of Client.

z

On port GigabitEthernet 0/0/1 of AC, enable dynamic binding function to prevent attacks from using
forged IP addresses to attack the server.

See also other documents in the category H3C Technologies Routers: