H3C S3610 Series Operating instructions

Operation Manual – MAC-IP-Port Binding
H3C S3610&S5510 Series Ethernet Switches

Table of Contents
Chapter 1 MAC-IP-Port Binding Configuration
1.1 MAC-IP-Port Binding Overview
1.2 Configuring MAC-IP-Port Binding
1.3 Displaying and Maintaining MAC-IP-Port Binding
1.4 MAC-IP-Port Binding Configuration Example
Chapter 1 MAC-IP-Port Binding Configuration
1.1 MAC-IP-Port Binding Overview
MAC-IP-port binding allows a device to filter packets and thus enhance security. With
MAC-IP-port binding configured, a port checks whether the source MAC and IP
addresses of an inbound packet are identical to the configured MAC-to-IP binding on the
port. If so, it forwards the packet; otherwise, it discards the packet.
1.2 Configuring MAC-IP-Port Binding
Follow these steps to configure MAC-IP-port binding:
To do…                                           | Use the command…                                                            | Remarks
-------------------------------------------------+-----------------------------------------------------------------------------+-------------------------------
Enter system view                                | system-view                                                                 |
Configure MAC-IP-port binding:                   |                                                                             | Required. Use either approach.
  Bind a MAC-IP address pair to multiple ports   | user-bind mac-addr mac-address ip-addr ip-address interface interface-list  |
  Bind a MAC-IP address pair to the current port | interface interface-type interface-number                                   |
                                                 | user-bind mac-addr mac-address ip-addr ip-address                           |
Caution:
• The port in an aggregation group does not support MAC-IP-Port binding configuration.
• S3610&S5510 Series Ethernet Switches differentiate binding through "MAC address + IP address + port". You can bind a MAC address with only one IP address and vice versa. However, you can bind a MAC-IP pair to multiple ports.
• MAC-IP-port binding is on a per-port basis, that is, a port with MAC-IP-port binding enabled filters packets independently; it does not affect any other port.
• The MAC address to be bound cannot be all 0s, all Fs, or a multicast address. The IP address can only be a Class A, Class B, or Class C address and can neither be 127.x.x.x nor 0.0.0.0.
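The Caution rules above can be checked against a binding plan before anything is typed on the switch. The following Python sketch is an added example, not part of the H3C manual: the function names, the extra ports Ethernet 1/0/6 and 1/0/8, and the invalid rows are constructed for illustration, and the emitted commands use the system-view form shown in section 1.2.

```python
import ipaddress

def normalize_mac(mac):
    """Accept 00-01-02-03-04-05 or 0001-0203-0405; return 12 lowercase hex digits."""
    digits = mac.replace("-", "").replace(":", "").lower()
    if len(digits) != 12 or set(digits) - set("0123456789abcdef"):
        raise ValueError(f"malformed MAC address: {mac}")
    return digits

def check_entry(mac, ip):
    """Return the Caution-list rules that one MAC-IP pair violates."""
    problems, m = [], normalize_mac(mac)
    if m in ("0" * 12, "f" * 12):
        problems.append("MAC is all 0s or all Fs")
    elif int(m[:2], 16) & 1:  # group bit of the first octet marks multicast
        problems.append("MAC is a multicast address")
    first = ipaddress.IPv4Address(ip).packed[0]
    if ip == "0.0.0.0" or first == 127 or first > 223:
        problems.append("IP is not an allowed Class A/B/C address")
    return problems

def build_commands(plan):
    """plan: list of (mac, ip, port). Return (system-view commands, rejected rows)."""
    commands, errors, mac_to_ip, ip_to_mac = [], [], {}, {}
    for mac, ip, port in plan:
        m, found = normalize_mac(mac), check_entry(mac, ip)
        if mac_to_ip.get(m, ip) != ip:       # one MAC, one IP
            found.append(f"MAC already bound to {mac_to_ip[m]}")
        if ip_to_mac.get(ip, m) != m:        # and vice versa
            found.append("IP already bound to another MAC")
        if found:
            errors.append((mac, ip, port, found))
            continue
        mac_to_ip[m], ip_to_mac[ip] = ip, m  # same pair on another port stays legal
        cli_mac = "-".join(m[i:i + 4] for i in (0, 4, 8))
        commands.append(f"user-bind mac-addr {cli_mac} ip-addr {ip} interface {port}")
    return commands, errors

# Constructed plan: LSB's two bindings from section 1.4 plus two invalid rows.
PLAN = [
    ("00-01-02-03-04-06", "192.168.0.1", "ethernet 1/0/4"),
    ("00-01-02-03-04-07", "192.168.0.2", "ethernet 1/0/5"),
    ("01-00-5e-00-00-01", "192.168.0.9", "ethernet 1/0/6"),  # multicast MAC
    ("00-01-02-03-04-06", "192.168.0.5", "ethernet 1/0/8"),  # second IP for a bound MAC
]

if __name__ == "__main__":
    commands, errors = build_commands(PLAN)
    print("\n".join(commands + [f"REJECTED {e[:3]}: {'; '.join(e[3])}" for e in errors]))
```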
1.3 Displaying and Maintaining MAC-IP-Port Binding
To do…                                                                                       | Use the command…                        | Remarks
---------------------------------------------------------------------------------------------+-----------------------------------------+----------------------
Display the MAC-IP-port binding entries configured on all ports                              | display user-bind                       | Available in any view
Display the MAC-IP-port binding entries configured on all ports for a specified MAC address  | display user-bind mac-addr mac-address  | Available in any view
Display the MAC-IP-port binding entries configured on all ports for a specified IP address   | display user-bind ip-addr ip-address    | Available in any view
Display the MAC-IP-port binding entries configured on specified ports                        | display user-bind interface interface-list | Available in any view
1.4 MAC-IP-Port Binding Configuration Example
I. Network Requirements
As shown in Figure 1-1, switches LSA and LSB and data terminals DT1, DT2, and DT3
are on an Ethernet. DT1 and DT2 are connected to ports Ethernet 1/0/4 and Ethernet
1/0/5 of LSB respectively, DT3 is connected to port Ethernet 1/0/4 of LSA, while LSB is
connected to port Ethernet 1/0/5 of LSA.
Detailed requirements are as follows:
• On port Ethernet 1/0/4 of LSA, only IP packets with the source MAC address of 00-01-02-03-04-05 and the source IP address of 192.168.0.3 can pass.
• On port Ethernet 1/0/5 of LSA, only IP packets with the source MAC address of 00-01-02-03-04-06 and the source IP address of 192.168.0.1 can pass.
• On port Ethernet 1/0/4 of LSB, only IP packets with the source MAC address of 00-01-02-03-04-06 and the source IP address of 192.168.0.1 can pass.
• On port Ethernet 1/0/5 of LSB, only IP packets with the source MAC address of 00-01-02-03-04-07 and the source IP address of 192.168.0.2 can pass.
II. Network Diagram
[Figure 1-1 Network diagram for MAC-IP-port binding]
III. Configuration Procedure
1) Configure LSA
# Configure port Ethernet 1/0/4 of LSA to allow only IP packets with the source MAC
address of 00-01-02-03-04-05 and the source IP address of 192.168.0.3 to pass.
<Sysname> system-view
[Sysname] interface ethernet 1/0/4
[Sysname-Ethernet1/0/4] user-bind mac-addr 0001-0203-0405 ip-addr 192.168.0.3
[Sysname-Ethernet1/0/4] quit
# Configure port Ethernet 1/0/5 of LSA to allow only IP packets with the source MAC
address of 00-01-02-03-04-06 and the source IP address of 192.168.0.1 to pass.
[Sysname] interface ethernet 1/0/5
[Sysname-Ethernet1/0/5] user-bind mac-addr 0001-0203-0406 ip-addr 192.168.0.1
2) Configure LSB
# Configure port Ethernet 1/0/4 of LSB to allow only IP packets with the source MAC
address of 00-01-02-03-04-06 and the source IP address of 192.168.0.1 to pass.
<Sysname> system-view
[Sysname] user-bind mac-addr 0001-0203-0406 ip-addr 192.168.0.1 interface ethernet 1/0/4
# Configure port Ethernet1/0/5 of LSB to allow only IP packets with the source MAC
address of 00-01-02-03-04-07 and the source IP address of 192.168.0.2 to pass.
[Sysname] user-bind mac-addr 0001-0203-0407 ip-addr 192.168.0.2 interface ethernet 1/0/5
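To see what the four bindings configured above do to traffic, the following Python sketch (an added example, not part of the H3C manual) applies the section 1.1 check at each inbound port a frame crosses. It assumes that a port with no binding does not filter; the name "uplink" for LSB's port toward LSA is a placeholder, since the page does not name that port, and the frames are constructed.

```python
# Bindings from section 1.4, keyed by (switch, port); MACs in the CLI's H-H-H form.
BINDINGS = {
    ("LSA", "Ethernet1/0/4"): {("0001-0203-0405", "192.168.0.3")},
    ("LSA", "Ethernet1/0/5"): {("0001-0203-0406", "192.168.0.1")},
    ("LSB", "Ethernet1/0/4"): {("0001-0203-0406", "192.168.0.1")},
    ("LSB", "Ethernet1/0/5"): {("0001-0203-0407", "192.168.0.2")},
}
# Inbound ports a frame crosses on its way to the far switch. "uplink" is a
# placeholder: the page neither names LSB's port toward LSA nor binds anything on it.
PATHS = {
    "DT1": [("LSB", "Ethernet1/0/4"), ("LSA", "Ethernet1/0/5")],
    "DT2": [("LSB", "Ethernet1/0/5"), ("LSA", "Ethernet1/0/5")],
    "DT3": [("LSA", "Ethernet1/0/4"), ("LSB", "uplink")],
}

def port_permits(switch, port, src_mac, src_ip):
    """Section 1.1 check: the source MAC/IP pair must match a binding on this port."""
    entries = BINDINGS.get((switch, port))
    if entries is None:  # assumption: a port with no binding does not filter
        return True
    return (src_mac, src_ip) in entries

def first_drop(sender, src_mac, src_ip):
    """Return the (switch, port) that discards the frame, or None if it gets through."""
    for switch, port in PATHS[sender]:
        if not port_permits(switch, port, src_mac, src_ip):
            return (switch, port)
    return None

# Constructed frames: three with each terminal's own addresses, two with a mismatch.
FRAMES = [
    ("DT1", "0001-0203-0406", "192.168.0.1"),
    ("DT2", "0001-0203-0407", "192.168.0.2"),
    ("DT3", "0001-0203-0405", "192.168.0.3"),
    ("DT2", "0001-0203-0407", "192.168.0.1"),  # DT2's MAC with DT1's IP
    ("DT2", "0001-0203-0406", "192.168.0.1"),  # DT1's pair arriving on DT2's port
]

if __name__ == "__main__":
    for sender, mac, ip in FRAMES:
        hit = first_drop(sender, mac, ip)
        verdict = "forwarded" if hit is None else f"discarded at {hit[0]} {hit[1]}"
        print(sender, mac, ip, "->", verdict)
```

DT2's own traffic passes Ethernet 1/0/5 of LSB but is discarded at Ethernet 1/0/5 of LSA, because that inter-switch port is bound only to DT1's pair, exactly as the requirements in section 1.4 state.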