3com S7906E Installationsanweisungen

 

1-1 

 

The S7900E Series Ethernet Switches are distributed devices supporting Intelligent Resilient 

Framework (IRF). Two S7900E series can be connected together to form a distributed IRF device. If an 

S7900E series is not in any IRF, it operates as a distributed device; if the S7900E series is in an IRF, it 

operates as a distributed IRF device. For introduction of IRF, refer to IRF Configuration in the System 

Volume. 

 

When configuring IP Source Guard, go to these sections for information you are interested in: 

z 

IP Source Guard Overview 

z 

z 

Configuring the Dynamic Binding Function 

z 

z 

z 

By filtering packets on a per-port basis, IP source guard prevents illegal packets from traveling through 

the ports, so as to block illegal usages of network resources and improve the network security. For 

example, IP source guard can prevent an illegal host from pretending to be a legal user to access the 

network. With IP source guard enabled on a port, after receiving a packet, the port looks up the key 

attributes (including source IP address, source MAC address and VLAN tag) of the packet in the binding 

entries of the IP source guard. If there is a match, the port forwards the packet. Otherwise, the port 

discards the packet. IP source guard bindings are on a per-port basis. After a binding entry is configured 

on a port, it is effective only on the port. 

IP source guard filters packets based on the following types of binding entries: 

z 

IP-port binding entry 

z 

MAC-port binding entry 

z 

IP-MAC-port binding entry 

z 

IP-VLAN-port binding entry 

z 

MAC-VLAN-port binding entry 

z 

IP-MAC-VLAN-port binding entry 

An IP source guard binding entry can be static or dynamic, depending on how the entry is created. 

z 

A static binding is configured manually. It is suitable when there are a few hosts in a LAN or you 

need to configure a binding entry for a host separately.