How to bind the IP address, MAC address, and interface

Created: Jun 14, 2019 10:50:50Latest reply: Jun 20, 2019 18:32:47 86 2 0 0
  Rewarded Hi-coins: 0 (problem resolved)

How to bind the IP address, MAC address, and interface

  • x
  • convention:

Featured Answers
Moderator Official Created Jun 14, 2019 10:51:11 Helpful(0) Helpful(0)

The Switch implements binding between an interface and a MAC address through the traffic policy and DHCP snooping. Then the interface allows only the packets with the bound MAC address and packets matching the DHCP snooping binding table to pass through.

For example, to configure Ethernet 0/0/1 to allow only the packets with the source MAC address being 0-02-02 apart from of the packets matching the DHCP snooping binding table, and discard other packets, do as follows:

# Enable DHCP snooping globally.

[HUAWEI] dhcp snooping enable# Create an ACL that permits only the packets with the source MAC address being 0-02-02.

[HUAWEI] acl 4000
[HUAWEI-acl-L2-4000] rule permit source-mac 0-02-02 ffff-ffff-ffff
[HUAWEI-acl-L2-4000] rule deny# Create a traffic classifier that matches ACL 4000.

[HUAWEI] traffic classifier c1
[HUAWEI-classifier-c1] if-match acl 4000# Create a traffic behavior and a traffic policy.

[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] permit
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1# Apply the traffic policy to Ethernet 0/0/1 so that the interface allows only the packets with the source MAC address 0-02-02 to pass through apart from of the packets matching the DHCP snooping binding table.

In V100R005C00 and later versions, the configuration is as follows:

[HUAWEI] interface Ethernet 0/0/1
[HUAWEI-Ethernet0/0/1] port default vlan 4094
[HUAWEI-Ethernet0/0/1] ip source check user-bind enable
[HUAWEI-Ethernet0/0/1] traffic-policy p1 inbound
  • x
  • convention:

All Answers
All_About_Switch Moderator Official Created Jun 14, 2019 10:51:11 Helpful(0) Helpful(0)

The Switch implements binding between an interface and a MAC address through the traffic policy and DHCP snooping. Then the interface allows only the packets with the bound MAC address and packets matching the DHCP snooping binding table to pass through.

For example, to configure Ethernet 0/0/1 to allow only the packets with the source MAC address being 0-02-02 apart from of the packets matching the DHCP snooping binding table, and discard other packets, do as follows:

# Enable DHCP snooping globally.

[HUAWEI] dhcp snooping enable# Create an ACL that permits only the packets with the source MAC address being 0-02-02.

[HUAWEI] acl 4000
[HUAWEI-acl-L2-4000] rule permit source-mac 0-02-02 ffff-ffff-ffff
[HUAWEI-acl-L2-4000] rule deny# Create a traffic classifier that matches ACL 4000.

[HUAWEI] traffic classifier c1
[HUAWEI-classifier-c1] if-match acl 4000# Create a traffic behavior and a traffic policy.

[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] permit
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1# Apply the traffic policy to Ethernet 0/0/1 so that the interface allows only the packets with the source MAC address 0-02-02 to pass through apart from of the packets matching the DHCP snooping binding table.

In V100R005C00 and later versions, the configuration is as follows:

[HUAWEI] interface Ethernet 0/0/1
[HUAWEI-Ethernet0/0/1] port default vlan 4094
[HUAWEI-Ethernet0/0/1] ip source check user-bind enable
[HUAWEI-Ethernet0/0/1] traffic-policy p1 inbound
  • x
  • convention:

yogijain MVE Created Jun 20, 2019 18:32:47 Helpful(0) Helpful(0)

:)
  • x
  • convention:

Reply

Reply
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

Login and enjoy all the member benefits

Login
Fast reply Scroll to top