The ip source check user-bind enable command enables IP packet check.
The undo ip source check user-bind enable command disables IP packet check.
By default, IP packet check is disabled.
ip source check user-bind enable
undo ip source check user-bind enable
ipv4 source check user-bind enable
undo ipv4 source check user-bind enable
ipv6 source check user-bind enable
undo ipv6 source check user-bind enable
VLAN view, Ethernet interface view, GE interface view, XGE interface view, 25GE interface view, MultiGE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, port group view
Usage Scenario
Unauthorized users often send bogus packets with the source IP address and MAC address of authorized users to access or attack the network. Then authorized users cannot access stable and secure networks. To address this problem, you can configure IP packet check.
When IP packet check is enabled, the device checks the IP address, MAC address, VLAN information, and interface information against the binding table. You can run the ip source check user-bind check-item or ip source check user-bind check-item command to specify IP packet check items. Only packets that match the binding entries can be forwarded; otherwise, packets are discarded.
Prerequisites
Precautions
ipv4 source check user-bind enable ipv6 source check user-bind enable
To check only IPv4 or IPv6 packets, run the ipv4 source check user-bind enable or ipv6 source check user-bind enable command.
# Enable IPv4 and IPv6 packet check on GE0/0/1.
<HUAWEI> system-view [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] ip source check user-bind enable
# Enable IPv4 packet check on GE0/0/1.
<HUAWEI> system-view [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] ipv4 source check user-bind enable