3com 5500-ei pwr Installation Instruction

client cannot be recorded in the DHCP-snooping table. Consequently, this client cannot pass the IP
filtering of the DHCP-snooping table and therefore cannot access external networks.
To solve this problem, the switch supports the configuration of static binding table entries, that is, the
binding relationship between the IP address, the MAC address, and the port connecting to the client, so that
packets of the client can be correctly forwarded.
IP-to-MAC mappings of authenticated 802.1x clients 
If most clients are assigned static IP addresses, you need to configure an IP static binding for each
client. This is a heavy configuration workload and is error-prone.
To ensure security, in actual networks, clients are usually connected to networks through 802.1x 
authentication. With the authenticated 802.1x client-based IP filtering function enabled, the switch can 
record and query the IP-to-MAC mappings of authenticated 802.1x clients to defend against IP attacks. 
IP filtering 
IP filtering can be implemented based on the DHCP-snooping table, IP static binding table, or 
IP-to-MAC mappings of authenticated 802.1x clients, according to actual network requirements. The 
switch can filter IP packets in the following modes:  
- Filtering packets based on their source IP addresses. If the source IP address in a packet and the
  number of the port that receives the packet match an entry or mapping, the switch regards the
  packet as a valid packet and forwards it; otherwise, the switch drops it directly.
- Filtering packets based on their source IP and MAC addresses. If the source IP address and
  source MAC address in the packet, and the number of the port that receives the packet match an
  entry or mapping, the switch regards the packet as a valid packet and forwards it; otherwise, the
  switch drops it directly.
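The two filtering modes above can be modelled as a lookup against the combined binding table. The following Python model is an added example, not 3Com code; the table entries, port names, and the `permit` and `evaluate` functions are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    ip: str
    mac: str
    port: str
    source: str  # "dhcp-snooping", "static" or "802.1x"


# Constructed sample entries; addresses and port names are illustrative.
BINDINGS = [
    Binding("10.1.1.10", "00e0-fc00-0001", "Ethernet1/0/1", "dhcp-snooping"),
    Binding("10.1.1.20", "00e0-fc00-0002", "Ethernet1/0/2", "static"),
    Binding("10.1.1.30", "00e0-fc00-0003", "Ethernet1/0/3", "802.1x"),
]


def permit(bindings, port, src_ip, src_mac, check_mac):
    """Return True if the packet matches an entry for the receiving port.

    check_mac=False models filtering on source IP only;
    check_mac=True models filtering on source IP and source MAC.
    """
    for b in bindings:
        if b.port != port or b.ip != src_ip:
            continue
        if not check_mac or b.mac.lower() == src_mac.lower():
            return True
    return False  # no matching entry: the packet is dropped


def evaluate(packets, check_mac):
    """Apply the filter to each (port, source IP, source MAC) tuple."""
    return [permit(BINDINGS, p, ip, mac, check_mac) for p, ip, mac in packets]


# Constructed packets: (receiving port, source IP, source MAC)
PACKETS = [
    ("Ethernet1/0/1", "10.1.1.10", "00e0-fc00-0001"),  # matches its binding
    ("Ethernet1/0/1", "10.1.1.10", "00e0-fc00-00ff"),  # bound IP and port, other MAC
    ("Ethernet1/0/2", "10.1.1.10", "00e0-fc00-0001"),  # bound IP seen on another port
    ("Ethernet1/0/4", "10.1.1.40", "00e0-fc00-0004"),  # static-IP client with no entry
]

if __name__ == "__main__":
    for mode, check in (("source IP", False), ("source IP + MAC", True)):
        print(mode, evaluate(PACKETS, check))
```

The second packet is forwarded in source-IP mode but dropped in source-IP-and-MAC mode, and the last packet is dropped in both modes until a static binding is added for that client.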
Configuring DHCP Snooping 
Follow these steps to configure DHCP snooping: 
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enable DHCP snooping | dhcp-snooping | Required. By default, the DHCP snooping function is disabled. |
| Enter Ethernet port view | interface interface-type interface-number | — |
| Specify the current port as a trusted port | dhcp-snooping trust | Required. By default, after DHCP snooping is enabled, all ports of a switch are untrusted ports. |