< Home

ip source check user-bind check-item (interface view)

Function

The ip source check user-bind check-item command configures IP packet check items on an interface.

The undo ip source check user-bind check-item command restores the default IP packet check items.

By default, the check items contain the IP address, MAC address, VLAN and interface information..

Format

ip source check user-bind check-item { ip-address | mac-address | vlan } *

undo ip source check user-bind check-item

Parameters

Parameter Description Value
ip-address Checks whether the IP address of an IP packet matches a binding entry. -
mac-address Checks whether the MAC address of an IP packet matches a binding entry. -
vlan Checks whether VLAN information of an IP packet matches a binding entry. -

Views

VLAN view, Ethernet interface view, GE interface view, XGE interface view, 25GE interface view, MultiGE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, port group view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When you check an IP packet against the binding table, run the ip source check user-bind check-item (interface view) command to specify items in the IP packet to be checked on a specified interface. When the device receives an IP packet, it checks the items against the binding table. Only packets that match the binding entries can be forwarded; otherwise, packets are discarded. The optional check items of an IP packet contain the source IP address, source MAC address, and VLAN information. Interface information is a mandatory check item.

Prerequisites

IP packet check has been enabled using the ip source check user-bind enable command in the interface view.

Precautions

When a large number of binding entries exist, it may take a long time to check IP packets, reducing forwarding efficiency.

This command is valid only for dynamic binding entries. The device checks the received packets against entries in the static binding table.

Example

# Enable IP packet check on GE0/0/1 to check whether the IP address in the IP packet matches the binding entry.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] ip source check user-bind enable
[HUAWEI-GigabitEthernet0/0/1] ip source check user-bind check-item ip-address
Parent Topic: IP Source Guard Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >