Configuring a static IPv4 source guard entry
Static IPv4 binding entries take effect only on the ports configured with the IPv4 source guard function (see "Enabling IPv4 source guard on a port").
Port-based static IPv4 source guard entries and dynamic IPv4 source guard entries take precedence over global static IPv4 source guard entries. A port matches a packet against global static binding entries only when the packet does not match any port-based static binding entry or dynamic binding entry on the port.
Configuring global static IPv4 binding entries
A global static binding entry defines the IP address and MAC address of the packets that can be forwarded by ports. It takes effect on all ports of the device.
To configure a global static IPv4 binding entry:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Configure a global static IPv4 binding entry. | ip source binding ip-address ip-address mac-address mac-address | No global static IPv4 binding entry is configured by default. |
Configuring port-based static IPv4 binding entries
Follow these guidelines to configure a static IPv4 source guard entry:
You cannot configure the same static binding entry on one port, but you can configure the same static entry on different ports.
When the ARP detection function is configured, be sure to specify the VLAN where ARP detection is configured in static IPv4 binding entries. Otherwise, ARP packets are discarded because they cannot match any static IPv4 binding entry.
If a static binding entry to be added denotes the same binding as an existing dynamic binding entry, the new static binding entry overwrites the dynamic binding entry.
To configure a static IPv4 binding entry on a port:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 Ethernet interface view. | interface interface-type interface-number | N/A |
3. Configure a static IPv4 source guard entry on the port. | ip source binding { ip-address ip-address | ip-address ip-address mac-address mac-address | mac-address mac-address } [ vlan vlan-id ] | By default, no static IPv4 binding entry is configured on a port. IP source guard does not use the VLAN information (if specified) in static IPv4 binding entries to filter packets. |