FAQ: The ip source check user-bind enable command executed in a VLAN view causes service interruption

[Problem Description]
1. Symptom
The ip source check user-bind enable command executed in a VLAN view causes service interruption.
2. Networking
Terminal �?S2700 �?S5700 (Gateway)
3. Configuration
#
dhcp enable
dhcp snooping enable
user-bind static ip-address 192.168.34.10 mac-address 80fa-0367-db33
#
vlan 34
dhcp snooping enable
ip source check user-bind enable
#
interface Ethernet0/0/2
port link-type access
port default vlan 34
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
[Alarm]
None.
[Troubleshooting]
Delete the ip source check user-bind enable command from the VLAN view and then run this command in an interface view to restore the services.
[Root Cause]
If a command is executed in the VLAN view, the command takes effect for all packets received by all interfaces in the VLAN, including the uplink interface GigabitEthernet0/0/1. Source IP addresses of Layer 3 packets received by the uplink interface are different, and the source MAC addresses are the MAC address of the S5700 switch. The packets that do not match any binding entry are discarded, causing service interruption.
[Summary and Suggestions]
1. Using the ip source check user-bind enable command or other commands related to IPSG in the VLAN view causes service interruption.
2. Before using the commands in the VLAN view, run the user-bind static mac-address command to bind the MAC address and IP address of the Layer 3 interface of the uplink gateway.

Scroll to top