How to configure a binding table on a CE series switch

10

IP source guard (IPSG) enables a device to check IP packets against a binding table. Binding tables are classified into dynamic and static binding tables.
If user IP addresses are dynamically allocated through DHCP, configure the DHCP snooping function. If user IP addresses are statically configured, configure a static binding table manually.
1. For users who dynamically obtain IP addresses through DHCP:

<HUAWEI> system-view
[~HUAWEI] dhcp enable //Enable DHCP globally.
[*HUAWEI] dhcp snooping enable //Enable DHCP snooping globally.
[*HUAWEI] interface 10ge 1/0/1
[*HUAWEI-10GE1/0/1] dhcp snooping enable //Enable DHCP snooping on 10GE1/0/1.
[*HUAWEI-10GE1/0/1] dhcp snooping trusted //Configure 10GE1/0/1 as a trusted interface.
[*HUAWEI-10GE1/0/1] commit
2. For users who use static IP addresses:
<HUAWEI> system-view
[~HUAWEI] user-bind static ip-address 1.1.1.1 mac-address 2-2-2 interface 10ge 1/0/1
[*HUAWEI] commit

Other related questions:
Configure binding tables for IPSG (user-bind binding tables) on S series switches
Configure a binding table for IPSG (user-bind binding table) on an S series switch (except the S1700) as follows: �?Static binding table A static binding entry contains at least one of the following: IP address, MAC address, interface, VLAN, and IP address and MAC address. An interface cannot be bound to a VLAN to form a binding entry. For example, configure a static binding entry of VLAN 2 and IP address 1.1.1.1. [HUAWEI] user-bind static ip-address 1.1.1.1 vlan 2 Note: Static binding entries can be configured only in the system view. �?Dynamic binding table Enable DHCP snooping globally and on an interface. Generally, the interface directly or indirectly connected to the DHCP server or gateway is configured as a trusted interface. After DHCP snooping is enabled and the trusted interface is configured, user-side interfaces automatically generate dynamic binding entries based on received DHCP ACK packets. For example, enable DHCP snooping globally and on GE0/0/1, and configure G0/0/1 as a trusted interface. [HUAWEI] dhcp enable [HUAWEI] dhcp snooping enable [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] dhcp snooping enable [HUAWEI-GigabitEthernet0/0/1] dhcp snooping trusted Note: If both DHCP relay and VRRP are configured on a switch, DHCP snooping cannot be enabled. DHCP snooping cannot be enabled if the DHCP server is at the subordinate VLAN side and the DHCP client is at the principle VLAN side. After DHCP snooping is configured, the switch generates DHCP snooping entries for the hosts when the hosts go online again. Then IPSG takes effect. If you enable IPSG before the switch generates DHCP snooping dynamic binding entries, the switch rejects all packets except DHCP Request packets. In this situation, the hosts with dynamic IP addresses cannot communicate with each other. Therefore, before enabling the IPSG function, configure the DHCP snooping function to enable the switch to generate dynamic binding entries.

Configure IPSG (for example, configure IP address and MAC address binding) for S series switches on the web page
For details on how to configure IPSG for S series switches (except the S1700) on the web page, see "IPSG Configuration" and "Static User Binding" in Web System Guide.

Delete entries in binding tables for IPSG (user-bind binding tables) on S series switches
Delete entries in a binding table for IPSG (user-bind binding table) on an S series switch (except the S1700) as follows: Binding entries include static entries and dynamic entries. Dynamic entries are automatically generated when DHCP snooping is enabled. To delete dynamic entries, disable DHCP snooping. Static entries are configured manually. To delete static entries, perform the following operations: 1. Run the display dhcp static user-bind all command to view all static binding entries on the switch. [HUAWEI] display dhcp static user-bind all 2. Delete binding entries as required. a. Delete the static binding entry of IP address 192.168.1.1. [HUAWEI] undo user-bind static ip-address 192.168.1.1 mac-address 0001-0001-0001 b. Delete the static binding entry of MAC address 0002-0002-0002. [HUAWEI]undo user-bind static mac-address 0002-0002-0002 c. Delete all static binding entries of GE0/0/1. [HUAWEI] undo user-bind static interface gigabitethernet 0/0/1 d. Delete all static binding entries in VLAN 10. [HUAWEI] undo user-bind static vlan 10 e. Delete all entries in the static binding table. [HUAWEI]undo user-bind static

Specifications of IPSG table entries on S series switches
Hi, I cannot answer this question. For details about product specifications, click http://e.huawei.com/en/service-hotline to look up the contact method of your local customer service engineers.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top