3com 5500-ei pwr Instruccion De Instalación
4-10
z
For details about 802.1x authentication, refer to 802.1x and System Guard Operation.
z
You are not recommended to configure IP filtering on the ports of an aggregation group.
z
Enable DHCP snooping and specify trusted ports on the switch before configuring IP filtering based
on the DHCP-snooping table.
z
To implement IP filtering based on IP-to-MAC bindings of authenticated 802.1x clients, the device
assigns an ACL to each of such bindings. If an ACL fails to be assigned to a binding, the
corresponding authenticated 802.1x client is forced to go offline.
z
IP filtering based on IP-to-MAC bindings of authenticated 802.1x clients requires to be associated
with 802.1x based on MAC address authentication, and requires 802.1x clients to provide IP
addresses; otherwise, the IP addresses of 802.1x clients cannot be obtained. To ensure IP
addresses of DHCP clients can be updated for corresponding IP-to-MAC entries, you are
recommended to enable 802.1x authentication handshake function; otherwise, you need to disable
802.1x authentication triggered by DHCP, ensuring normal receiving and forwarding of multicast
authentication packets.
z
To create a static binding after IP filtering is enabled with the mac-address keyword specified on a
port, the mac-address argument must be specified; otherwise, the packets sent from this IP
address cannot pass the IP filtering.
z
A static entry has a higher priority than the dynamic DHCP snooping entry that has the same IP
address as the static one. That is, if the static entry is configured after the dynamic entry is
recorded, the static entry overwrites the dynamic entry; if the static entry is configured before
DHCP snooping is enabled, no DHCP client can obtain the IP address of the static entry, that is, the
dynamic DHCP snooping entry cannot be generated.
z
The VLAN ID of the IP static binding configured on a port is the VLAN ID of the port.
Displaying and Maintaining DHCP Snooping Configuration
To do…
Use the command…
Remarks
Display the user IP-to-MAC address
mapping entries recorded by the DHCP
snooping function
mapping entries recorded by the DHCP
snooping function
display dhcp-snooping [ unit unit-id ]
Display the (enabled/disabled) state of
the DHCP snooping function and the
trusted ports
the DHCP snooping function and the
trusted ports
display dhcp-snooping trust
Display the IP static binding table
display ip source static binding [ vlan
vlan-id | interface interface-type
interface-number ]
vlan-id | interface interface-type
interface-number ]
Available in
any view
any view
Remove DHCP snooping entries
reset dhcp-snooping [ ip-address ]
Available in
user view
user view