3com S7906E Installationsanweisungen

 

1-5 

# Configure port GigabitEthernet 2/0/1 of Switch B to allow only IP packets with the source MAC 

address of 00-01-02-03-04-07 and the source IP address of 192.168.0.2 to pass. 

[SwitchB] interface gigabitethernet 2/0/1 

[SwitchB-GigabitEthernet2/0/1] user-bind ip-address 192.168.0.2 mac-address 0001-0203-0407 

3)  Verify the configuration 

# On Switch A, static binding entries are configured successfully. 

<SwitchA> display user-bind 

Total entries found: 2 

 MAC               IP               Vlan   Port                                  Status 

 0001-0203-0405    192.168.0.3      N/A    GigabitEthernet2/0/2                  Static 

 0001-0203-0406    192.168.0.1      N/A    GigabitEthernet2/0/1                  Static 

# On Switch B, static binding entries are configured successfully. 

<SwitchB> display user-bind 

Total entries found: 2 

 MAC               IP               Vlan   Port                                  Status 

 0001-0203-0406    192.168.0.1      N/A    GigabitEthernet2/0/2                  Static 

 0001-0203-0407    192.168.0.2      N/A    GigabitEthernet2/0/1                  Static 

As shown in 

, Switch A connects to Client A and the DHCP server through ports 

GigabitEthernet 2/0/1 and GigabitEthernet 2/0/2 respectively. DHCP snooping is enabled on Switch A.  

Detailed requirements are as follows: 

z 

Client A (with the MAC address of 00-01-02-03-04-06) obtains an IP address through the DHCP 

server.  

z 

On Switch A, create a DHCP snooping entry for Client A.  

z 

On port GigabitEthernet 2/0/1 of Switch A, enable dynamic binding function to prevent attackers 

from using forged IP addresses to attack the server. 

 

For detailed configuration of a DHCP server, refer to DHCP Configuration in the IP Service Volume.  

 

Figure 1-2 Network diagram for configuring dynamic binding 

 

 

 

1)  Configure Switch A