How it Works
H3C
Loading...
S3610 Series
Command Manual
54 pgs214.86 Kb0
Command Manual
13 pgs72.57 Kb0
Command Manual
83 pgs481.87 Kb0
Operation Manual
15 pgs137.06 Kb0
Operation Manual
175 pgs1.78 Mb0
Operation Manual
60 pgs2.65 Mb0
Operation Manual
50 pgs2.42 Mb0
Operation Manual
10 pgs243.84 Kb0
Operation Manual
14 pgs101.15 Kb0
Operation Manual
26 pgs501.85 Kb0
Operation Manual
52 pgs787.48 Kb0
Operation Manual
11 pgs86.79 Kb0
Operation Manual
23 pgs311.89 Kb0
Operation Manual
16 pgs486.02 Kb0
Operation Manual
12 pgs149.52 Kb0
Operation Manual
30 pgs222.87 Kb0
Operation Manual
5 pgs78.73 Kb0
Operation Manual
41 pgs751.26 Kb0
Operation Manual
26 pgs198.4 Kb0
Operation Manual
5 pgs68.77 Kb0
Quick Start Manual
84 pgs1.18 Mb0

H3C S5510 Series, S3610 Series Operation Manual

Download
Page 1
Operation Manual – MAC-IP-Port Binding H3C S3610&S5510 Series Ethernet Switches Table of Contents
i
Table of Contents
Chapter 1 MAC-IP-Port Binding Configuration ..........................................................................1-1
1.1 MAC-IP-Port Binding Overview .........................................................................................1-1
1.2 Configuring MAC-IP-Port Binding......................................................................................1-1
1.3 Displaying and Maintaining MAC-IP-Port Binding.............................................................1-2
1.4 MAC-IP-Port Binding Configuration Example....................................................................1-2
Page 2
Operation Manual – MAC-IP-Port Binding H3C S3610&S5510 Series Ethernet Switches Chapter 1
MAC-IP-Port Binding Configuration
1-1
Chapter 1 MAC-IP-Port Binding Configuration
1.1 MAC-IP-Port Binding Overview
MAC-IP-port binding allows a device to filter packets and thus enhance security. With MAC-IP-port binding configured, a port checks whether the source MAC and IP addresses of an inbound packet is identical to the configured MAC-to-IP binding on the port. If so, it forwards the packet; otherwise, it discards the packet.
1.2 Configuring MAC-IP-Port Binding
Follow these steps to configure MAC-IP-port binding:
To do… Use the command… Remarks
Enter system view
system-view
Bind a MAC-IP address pair to multiple ports
user-bind mac-addr mac-address ip-addr ip-address interface interface-list
interface interface-type interface-number
Configu re MAC-IP
-port binding
Bind a MAC-IP address pair to the current port
user-bind mac-addr mac-address ip-addr ip-address
Required Use either
approach.
Caution:
z The port in an aggregation group does not support MAC-IP-Port binding
configuration.
z S3610&S5510 Series Ethernet Switches differentiate binding through “MAC
address + IP address + port”. You can bind a MAC address with only one IP address and vice versa. However, you can bind a MAC-IP pair to multiple ports.
z MAC-IP-port binding is on a per-port basis, that is, a port with MAC-IP-port binding
enabled filters packets independently; it does not affect any other port.
z The MAC address to be bound cannot be all 0s, all Fs, or a multicast address. The
IP address can only be a Class A, Class B, or Class C address and can neither be
127.x.x.x nor 0.0.0.0.
Page 3
Operation Manual – MAC-IP-Port Binding H3C S3610&S5510 Series Ethernet Switches Chapter 1
MAC-IP-Port Binding Configuration
1-2
1.3 Displaying and Maintaining MAC-IP-Port Binding
To do… Use the command… Remarks
Display the MAC-IP-port binding entries configured on all ports
display user-bind
Display the MAC-IP-port binding entries configured on all ports for a specified MAC address
display user-bind mac-addr mac-address
Display the MAC-IP-port binding entries configured on all ports for a specified IP address
display user-bind ip-addr ip-address
Display the MAC-IP-port binding entries configured on specified ports
display user-bind interface interface-list
Available in any view
1.4 MAC-IP-Port Binding Configuration Example
I. Network Requirements
As shown in Figure 1-1, switches LSA and LSB and dat a terminals DT1, DT 2, and DT3 are on an Ethernet. DT1 and DT2 are connected to ports Ethernet 1/0/4 and Ethernet 1/0/5 of LSB respectively , DT3 is connected to port Ethern et 1/0/4 of LSA, while LSB is connected to port Ethernet 1/0/5 of LSA.
Detailed requirements are as follows:
z On port Ethernet 1/0/4 of LSA, only IP packets with the source MAC address of
00-01-02-03-04-05 and the source IP address of 192.168.0.3 can pass.
z On port Ethernet 1/0/5 of LSA, only IP packets with the source MAC address of
00-01-02-03-04-06 and the source IP address of 192.168.0.1 can pass.
z On port Ethernet 1/0/4 of LSB, only IP packets with the source MAC address of
00-01-02-03-04-06 and the source IP address of 192.168.0.1 can pass.
z On port Ethernet 1/0/5 of LSB, only IP packets with the source MAC address of
00-01-02-03-04-07 and the source IP address of 192.168.0.2 can pass.
Page 4
Operation Manual – MAC-IP-Port Binding H3C S3610&S5510 Series Ethernet Switches Chapter 1
MAC-IP-Port Binding Configuration
1-3
II. Network Diagram
PC
PC
PC
LSA
LSB
DT3 MAC 0 IP 19 2 to inte
DT2 MAC 00 -01-02 -03 -04­IP 19 2 . 16 8 . 0. 2 to inter face Ethernet
DT1 MAC 00 -01 -02 -0 3-04 - 06 IP 192.168.0.1 to interface Ethernet1/0/4
Ethern et1/0/4
Ethernet1/0/5
Ethernet1/0/5 Ethernet1/0/4
0-01- 02 -03-04- 05 .16 8.0. 3 rface Ethernet1/0/4
07
1/ 0/5
PC
PC
PC
LSA
LSB
DT3 MAC 0 IP 19 2 to inte
DT2 MAC 00 -01-02 -03 -04­IP 19 2 . 16 8 . 0. 2 to inter face Ethernet
DT1 MAC 00 -01 -02 -0 3-04 - 06 IP 192.168.0.1 to interface Ethernet1/0/4
Ethern et1/0/4
Ethernet1/0/5
Ethernet1/0/5 Ethernet1/0/4
0-01- 02 -03-04- 05 .16 8.0. 3 rface Ethernet1/0/4
07
1/ 0/5
PC
PC
PC
LSA
LSB
DT3 MAC 0 IP 19 2 to inte
DT2 MAC 00 -01-02 -03 -04­IP 19 2 . 16 8 . 0. 2 to inter face Ethernet
DT1 MAC 00 -01 -02 -0 3-04 - 06 IP 192.168.0.1 to interface Ethernet1/0/4
Ethern et1/0/4
Ethernet1/0/5
Ethernet1/0/5 Ethernet1/0/4
0-01- 02 -03-04- 05 .16 8.0. 3 rface Ethernet1/0/4
07
1/ 0/5
g
Figure 1-1
Network diagram for MAC-IP-port bindin
III. Configuration Procedure
1) Configure LSA # Configure port Ethernet 1/0/4 of LSA to allow only IP packets with the source MAC
address of 00-01-02-03-04-05 and the source IP address of 192.168.0.3 to pass.
<Sysname> system-view [Sysname] interface ethernet 1/0/4 [Sysname-Ethernet1/0/4] user-bind mac-addr 0001-0203-0405 ip-addr
192.168.0.3 [Sysname-Ethernet1/0/4] quit
# Configure port Ethernet 1/0/5 of LSA to allow only IP packets with the source MAC address of 00-01-02-03-04-06 and the source IP address of 192.168.0.1 to pass.
[Sysname] interface ethernet 1/0/5 [Sysname-Ethernet1/0/5] user-bind mac-addr 0001-0203-0406 ip-addr
192.168.0.1
2) Configure LSB # Configure port Ethernet 1/0/4 of LSB to allow only IP packets with the source MAC
address of 00-01-02-03-04-06 and the source IP address of 192.168.0.1 to pass.
<Sysname> system-view [Sysname] user-bind mac-addr 0001-0203-0406 ip-addr 192.168.0.1 interface ethernet 1/0/4
# Configure port Ethernet1/0/5 of LSB to allow only IP packets with the source MAC address of 00-01-02-03-04-07 and the source IP address of 192.168.0.2 to pass.
Page 5
Operation Manual – MAC-IP-Port Binding H3C S3610&S5510 Series Ethernet Switches Chapter 1
MAC-IP-Port Binding Configuration
1-4
[Sysname] user-bind mac-addr 0001-0203-0407 ip-addr 192.168.0.2 interface ethernet 1/0/5
Loading...
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use