Can one IP address be bound to multiple MAC addresses in a binding table for IPSG on an S series switch

2

For S series switches, one IP address cannot be bound to multiple MAC address while one MAC address can be bound to multiple IP addresses.
- If you need to bind discontinuous IP addresses to a MAC address, enter 1 to 10 IP addresses in the command. For example, bind IP addresses 10.1.1.2, 10.1.1.5, and 10.1.1.12 to MAC address 0001-0001-0001.
[HUAWEI] user-bind static ip-address 10.1.1.2 10.1.1.5 10.1.1.12 mac-address 0001-0001-0001
- If you need to bind continuous IP addresses to a MAC address, enter 1 to 10 IP address segments in the command. The entered IP address segments cannot overlap. For example, bind IP address segments ranging from 10.2.1.1 to 10.2.1.10 and from 10.2.1.20 to 10.2.1.30 to MAC address 0002-0002-0002.
[HUAWEI] user-bind static ip-address 10.2.1.1 to 10.2.1.10 10.2.1.20 to 10.2.1.30 mac-address 0002-0002-0002

Other related questions:
Options in binding tables configured for IPSG on S series switches
Options in binding tables configured for IPSG on S series switches (except S1700 switches) include the following: With IPSG enabled, an S series switch (except the S1700) checks IP packets against options in a binding table, which can be combinations of source IP addresses, source MAC addresses, VLANs, and interfaces. The following bindings can be configured in an interface view: Interface and IP address Interface and MAC address Interface, IP address, and MAC address Interface, IP address, and VLAN Interface, MAC address, and VLAN Interface, IP address, MAC address, and VLAN The following bindings can be configured in a VLAN view: VLAN and IP address VLAN and MAC address VLAN, IP address, and MAC address VLAN, IP address, and interface VLAN, MAC address, and interface VLAN, IP address, MAC address, and interface

How to bind the IP address, MAC address, and interface
The Switch implements binding between an interface and a MAC address through the traffic policy and DHCP snooping. Then the interface allows only the packets with the bound MAC address and packets matching the DHCP snooping binding table to pass through. The Switch does support binding of IP address + MAC address + interface. For example, to configure Ethernet 0/0/1 to allow only the packets with the source MAC address being 0-02-02 apart from of the packets matching the DHCP snooping binding table, and discard other packets, do as follows: # Enable DHCP snooping globally. [HUAWEI] dhcp snooping enable# Create an ACL that permits only the packets with the source MAC address being 0-02-02. [HUAWEI] acl 4000 [HUAWEI-acl-L2-4000] rule permit source-mac 0-02-02 ffff-ffff-ffff [HUAWEI-acl-L2-4000] rule deny# Create a traffic classifier that matches ACL 4000. [HUAWEI] traffic classifier c1 [HUAWEI-classifier-c1] if-match acl 4000# Create a traffic behavior and a traffic policy. [HUAWEI] traffic behavior b1 [HUAWEI-behavior-b1] permit [HUAWEI] traffic policy p1 [HUAWEI-trafficpolicy-p1] classifier c1 behavior b1# Apply the traffic policy to Ethernet 0/0/1 so that the interface allows only the packets with the source MAC address 0-02-02 to pass through apart from of the packets matching the DHCP snooping binding table. In V100R005C00 and later versions, the configuration is as follows: [HUAWEI] interface Ethernet 0/0/1 [HUAWEI-Ethernet0/0/1] port default vlan 4094 [HUAWEI-Ethernet0/0/1] ip source check user-bind enable [HUAWEI-Ethernet0/0/1] traffic-policy p1 inbound

Configure IPSG (for example, configure IP address and MAC address binding) for S series switches on the web page
For details on how to configure IPSG for S series switches (except the S1700) on the web page, see "IPSG Configuration" and "Static User Binding" in Web System Guide.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top