ip source check user-bind enable (network enhanced profile view)
Function
The ip source check user-bind enable command configures IP packet checking in a network enhanced profile.
The undo ip source check user-bind enable command cancels IP packet checking in a network enhanced profile.
By default, IP packet checking is not configured in a network enhanced profile.
This command can only be executed on a parent switch.
Usage Guidelines
Usage Scenario
# ip source check user-bind enable ip source check user-bind alarm enable #
When attackers steal authorized users' IP addresses or MAC addresses to send packets to access or attack networks, authorized users cannot obtain stable and secure network services. After configuring IP packet checking on a device, the device checks received IP packets against the binding table to prevent such attacks.
Prerequisites
DHCP snooping has been enabled in the network enhanced profile using the dhcp snooping enable command.
Precautions
When an AS is an S2750-EI, S5700-10P-LI, or S5700-10P-PWR-LI and works in Layer 3 hardware forwarding mode, the ip source check user-bind enable command does not take effect on the AS. Because an AS performs only Layer 2 forwarding in an SVF system, you are advised to run the undo assign forward-mode command to cancel the Layer 3 hardware forwarding mode and then connect the AS to the SVF system.