Options in binding tables configured for IPSG on S series switches

22

Options in binding tables configured for IPSG on S series switches (except S1700 switches) include the following:
With IPSG enabled, an S series switch (except the S1700) checks IP packets against options in a binding table, which can be combinations of source IP addresses, source MAC addresses, VLANs, and interfaces.
The following bindings can be configured in an interface view:
Interface and IP address
Interface and MAC address
Interface, IP address, and MAC address
Interface, IP address, and VLAN
Interface, MAC address, and VLAN
Interface, IP address, MAC address, and VLAN

The following bindings can be configured in a VLAN view:
VLAN and IP address
VLAN and MAC address
VLAN, IP address, and MAC address
VLAN, IP address, and interface
VLAN, MAC address, and interface
VLAN, IP address, MAC address, and interface

Other related questions:
Configure binding tables for IPSG (user-bind binding tables) on S series switches
Configure a binding table for IPSG (user-bind binding table) on an S series switch (except the S1700) as follows: �?Static binding table A static binding entry contains at least one of the following: IP address, MAC address, interface, VLAN, and IP address and MAC address. An interface cannot be bound to a VLAN to form a binding entry. For example, configure a static binding entry of VLAN 2 and IP address 1.1.1.1. [HUAWEI] user-bind static ip-address 1.1.1.1 vlan 2 Note: Static binding entries can be configured only in the system view. �?Dynamic binding table Enable DHCP snooping globally and on an interface. Generally, the interface directly or indirectly connected to the DHCP server or gateway is configured as a trusted interface. After DHCP snooping is enabled and the trusted interface is configured, user-side interfaces automatically generate dynamic binding entries based on received DHCP ACK packets. For example, enable DHCP snooping globally and on GE0/0/1, and configure G0/0/1 as a trusted interface. [HUAWEI] dhcp enable [HUAWEI] dhcp snooping enable [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] dhcp snooping enable [HUAWEI-GigabitEthernet0/0/1] dhcp snooping trusted Note: If both DHCP relay and VRRP are configured on a switch, DHCP snooping cannot be enabled. DHCP snooping cannot be enabled if the DHCP server is at the subordinate VLAN side and the DHCP client is at the principle VLAN side. After DHCP snooping is configured, the switch generates DHCP snooping entries for the hosts when the hosts go online again. Then IPSG takes effect. If you enable IPSG before the switch generates DHCP snooping dynamic binding entries, the switch rejects all packets except DHCP Request packets. In this situation, the hosts with dynamic IP addresses cannot communicate with each other. Therefore, before enabling the IPSG function, configure the DHCP snooping function to enable the switch to generate dynamic binding entries.

Specifications of IPSG table entries on S series switches
Hi, I cannot answer this question. For details about product specifications, click http://e.huawei.com/en/service-hotline to look up the contact method of your local customer service engineers.

Delete entries in binding tables for IPSG (user-bind binding tables) on S series switches
Delete entries in a binding table for IPSG (user-bind binding table) on an S series switch (except the S1700) as follows: Binding entries include static entries and dynamic entries. Dynamic entries are automatically generated when DHCP snooping is enabled. To delete dynamic entries, disable DHCP snooping. Static entries are configured manually. To delete static entries, perform the following operations: 1. Run the display dhcp static user-bind all command to view all static binding entries on the switch. [HUAWEI] display dhcp static user-bind all 2. Delete binding entries as required. a. Delete the static binding entry of IP address 192.168.1.1. [HUAWEI] undo user-bind static ip-address 192.168.1.1 mac-address 0001-0001-0001 b. Delete the static binding entry of MAC address 0002-0002-0002. [HUAWEI]undo user-bind static mac-address 0002-0002-0002 c. Delete all static binding entries of GE0/0/1. [HUAWEI] undo user-bind static interface gigabitethernet 0/0/1 d. Delete all static binding entries in VLAN 10. [HUAWEI] undo user-bind static vlan 10 e. Delete all entries in the static binding table. [HUAWEI]undo user-bind static

Check binding tables for IPSG on S series switches
You can check binding tables for IPSG on S series switches (except S1700 switches) as follows: 1. Run the display dhcp static user-bind all command to check static binding entries. 2. Run the display dhcp snooping user-bind all command to check dynamic DHCP snooping binding entries.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top