3com S7906E Instruccion De Instalación
1-5
# Configure port GigabitEthernet 2/0/1 of Switch B to allow only IP packets with the source MAC
address of 00-01-02-03-04-07 and the source IP address of 192.168.0.2 to pass.
[SwitchB] interface gigabitethernet 2/0/1
[SwitchB-GigabitEthernet2/0/1] user-bind ip-address 192.168.0.2 mac-address 0001-0203-0407
3) Verify the configuration
# On Switch A, static binding entries are configured successfully.
<SwitchA> display user-bind
Total entries found: 2
MAC IP Vlan Port Status
0001-0203-0405 192.168.0.3 N/A GigabitEthernet2/0/2 Static
0001-0203-0406 192.168.0.1 N/A GigabitEthernet2/0/1 Static
# On Switch B, static binding entries are configured successfully.
<SwitchB> display user-bind
Total entries found: 2
MAC IP Vlan Port Status
0001-0203-0406 192.168.0.1 N/A GigabitEthernet2/0/2 Static
0001-0203-0407 192.168.0.2 N/A GigabitEthernet2/0/1 Static
Dynamic Binding Function Configuration Example 1
Network requirements
As shown in
, Switch A connects to Client A and the DHCP server through ports
GigabitEthernet 2/0/1 and GigabitEthernet 2/0/2 respectively. DHCP snooping is enabled on Switch A.
Detailed requirements are as follows:
z
Client A (with the MAC address of 00-01-02-03-04-06) obtains an IP address through the DHCP
server.
z
On Switch A, create a DHCP snooping entry for Client A.
z
On port GigabitEthernet 2/0/1 of Switch A, enable dynamic binding function to prevent attackers
from using forged IP addresses to attack the server.
For detailed configuration of a DHCP server, refer to DHCP Configuration in the IP Service Volume.
Figure 1-2 Network diagram for configuring dynamic binding
Configuration procedure
1) Configure Switch A