
How to prevent users from configuring static IP addresses without permission

Created: Aug 26, 2019 12:18:22 | Latest reply: Dec 10, 2021 12:16:03
  Rewarded HiCoins: 0 (problem resolved)

If I do not use NAC and allocate IP addresses using DHCP, how can I prevent users from configuring static IP addresses without permission?


Featured Answers
Popeye_Wang
Admin Created Aug 26, 2019 12:22:16

Hi Hobbit,
The DHCP Snooping function can generate dynamic binding entries. For users with static IP addresses, you can manually configure static binding entries. By checking the matching of the IP+MAC+port in the binding table, the switch can prevent the user from setting the IP address without permission.
For example, all static IP users on the port Ethernet0/0/1 except the user with the static IP address of 10.10.10.2 and the MAC address of 0010-0010-0010 are not allowed to access the Internet. The configuration is as follows:

1. Enable the DHCP Snooping function in the user VLAN.
[huawei]dhcp snooping enable
[huawei]vlan 100
[huawei-vlan100]dhcp snooping enable

2. Configure static binding entries.
[huawei]user-bind static ip-address 10.10.10.2 mac-address 0010-0010-0010 interface ethernet 0/0/1

3. Configure the packet check on the user-side interface.
[huawei]interface ethernet 0/0/1
[huawei-Ethernet0/0/1]port link-type access
[huawei-Ethernet0/0/1]port default vlan 100
[huawei-Ethernet0/0/1]arp anti-attack check user-bind enable // Enable ARP check to prevent IP address conflicts caused by incorrect IP address configuration.
[huawei-Ethernet0/0/1]ip source check user-bind enable // Enable IP packet check to prevent unauthorized users from accessing the network.

IndianKid Created Aug 29, 2021 12:35:49 (0) (0)
Very useful answer
user_3894435 Created Aug 29, 2021 16:24:31 (0) (0)
Good
ulrichwandja Reply IndianKid  Created Sep 28, 2021 17:34:10 (0) (0)
✌  
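
How the IP+MAC+port match described in the featured answer decides which traffic passes, as an added example that is not part of the original post and not Huawei's implementation: a small Python model of the binding table. The class and function names, the second port, its MAC address and the lease times are constructed for illustration, and VLAN matching is left out.

```python
# Added illustration (not Huawei code): a model of the IP+MAC+port binding check.
import re

def norm_mac(mac):
    """Accept 0010-0010-0010 or 00:10:00:10:00:10; return 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"bad MAC: {mac!r}")
    return digits

class BindingTable:
    def __init__(self):
        self.entries = {}  # (port, ip) -> (mac, expiry time, or None for static)

    def add_static(self, ip, mac, port):
        # Counterpart of "user-bind static ..." in step 2: never ages out.
        self.entries[(port, ip)] = (norm_mac(mac), None)

    def learn_dhcp_ack(self, ip, mac, port, lease_s, now):
        # DHCP snooping records the lease the server granted to this client.
        self.entries[(port, ip)] = (norm_mac(mac), now + lease_s)

    def permits(self, src_ip, src_mac, port, now):
        """True only if IP, MAC and ingress port all match one live entry."""
        entry = self.entries.get((port, src_ip))
        if entry is None:
            return False
        mac, expiry = entry
        if expiry is not None and now >= expiry:
            del self.entries[(port, src_ip)]  # lease ran out, entry aged
            return False
        return mac == norm_mac(src_mac)

def demo():
    table = BindingTable()
    table.add_static("10.10.10.2", "0010-0010-0010", "Ethernet0/0/1")
    # Constructed sample: a DHCP client on a hypothetical second port.
    table.learn_dhcp_ack("10.10.10.50", "00e0-fc12-3456", "Ethernet0/0/2", 3600, now=0)
    frames = [  # (src_ip, src_mac, ingress port, time), all constructed
        ("10.10.10.2", "00:10:00:10:00:10", "Ethernet0/0/1", 10),  # bound static user
        ("10.10.10.3", "0010-0010-0010", "Ethernet0/0/1", 10),     # self-assigned IP
        ("10.10.10.2", "0022-0022-0022", "Ethernet0/0/1", 10),     # right IP, other MAC
        ("10.10.10.2", "0010-0010-0010", "Ethernet0/0/2", 10),     # right pair, wrong port
        ("10.10.10.50", "00e0-fc12-3456", "Ethernet0/0/2", 10),    # DHCP client, live lease
        ("10.10.10.50", "00e0-fc12-3456", "Ethernet0/0/2", 4000),  # same host after expiry
    ]
    return [table.permits(*f) for f in frames]

if __name__ == "__main__":
    print(demo())
```

The same lookup stands behind both checks in step 3: the IP source check applies it to the source address of IP packets, the ARP check to the sender IP and MAC in ARP packets.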
All Answers
Nice

Good

Great

Cool answer