When configuring IPSG for an S series switch using the user-bind command, must I specify interfaces or VLANs

16

When configuring IPSG for an S series switch using the user-bind command, you do not have to specify an interfaces or a VLAN, but you are advised to.

Other related questions:
Configure binding tables for IPSG (user-bind binding tables) on S series switches
Configure a binding table for IPSG (user-bind binding table) on an S series switch (except the S1700) as follows: �?Static binding table A static binding entry contains at least one of the following: IP address, MAC address, interface, VLAN, and IP address and MAC address. An interface cannot be bound to a VLAN to form a binding entry. For example, configure a static binding entry of VLAN 2 and IP address 1.1.1.1. [HUAWEI] user-bind static ip-address 1.1.1.1 vlan 2 Note: Static binding entries can be configured only in the system view. �?Dynamic binding table Enable DHCP snooping globally and on an interface. Generally, the interface directly or indirectly connected to the DHCP server or gateway is configured as a trusted interface. After DHCP snooping is enabled and the trusted interface is configured, user-side interfaces automatically generate dynamic binding entries based on received DHCP ACK packets. For example, enable DHCP snooping globally and on GE0/0/1, and configure G0/0/1 as a trusted interface. [HUAWEI] dhcp enable [HUAWEI] dhcp snooping enable [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] dhcp snooping enable [HUAWEI-GigabitEthernet0/0/1] dhcp snooping trusted Note: If both DHCP relay and VRRP are configured on a switch, DHCP snooping cannot be enabled. DHCP snooping cannot be enabled if the DHCP server is at the subordinate VLAN side and the DHCP client is at the principle VLAN side. After DHCP snooping is configured, the switch generates DHCP snooping entries for the hosts when the hosts go online again. Then IPSG takes effect. If you enable IPSG before the switch generates DHCP snooping dynamic binding entries, the switch rejects all packets except DHCP Request packets. In this situation, the hosts with dynamic IP addresses cannot communicate with each other. Therefore, before enabling the IPSG function, configure the DHCP snooping function to enable the switch to generate dynamic binding entries.

In which views can IPSG be enabled on S series switches
IPSG can be enabled on an S series switch (except the S1700) in an interface or a VLAN view. Interface views include the Ethernet interface view, GE interface view, 40GE interface view, XGE interface view, 100GE interface view, Eth-Trunk interface view, and port group view. Example 1: Enable IPSG in the GE0/0/1 view. [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] ip source check user-bind enable Example 2: Enable IPSG in the VLAN 100 view. [HUAWEI] vlan 100 [HUAWEI-vlan100] ip source check user-bind enable

Delete entries in binding tables for IPSG (user-bind binding tables) on S series switches
Delete entries in a binding table for IPSG (user-bind binding table) on an S series switch (except the S1700) as follows: Binding entries include static entries and dynamic entries. Dynamic entries are automatically generated when DHCP snooping is enabled. To delete dynamic entries, disable DHCP snooping. Static entries are configured manually. To delete static entries, perform the following operations: 1. Run the display dhcp static user-bind all command to view all static binding entries on the switch. [HUAWEI] display dhcp static user-bind all 2. Delete binding entries as required. a. Delete the static binding entry of IP address 192.168.1.1. [HUAWEI] undo user-bind static ip-address 192.168.1.1 mac-address 0001-0001-0001 b. Delete the static binding entry of MAC address 0002-0002-0002. [HUAWEI]undo user-bind static mac-address 0002-0002-0002 c. Delete all static binding entries of GE0/0/1. [HUAWEI] undo user-bind static interface gigabitethernet 0/0/1 d. Delete all static binding entries in VLAN 10. [HUAWEI] undo user-bind static vlan 10 e. Delete all entries in the static binding table. [HUAWEI]undo user-bind static

Check binding tables for IPSG on S series switches
You can check binding tables for IPSG on S series switches (except S1700 switches) as follows: 1. Run the display dhcp static user-bind all command to check static binding entries. 2. Run the display dhcp snooping user-bind all command to check dynamic DHCP snooping binding entries.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top