端口显示ip

知攻击检测及防范端口安全MAC地址认证孔天娇2014-04-28发表S5810交换机IPSourceGuard典型配置S5810产品IPSourceGuard功能的配置一、组网需求:SwitchA通过端口GigabitEthernet1/0/1,GigabitEthernet1/0/2,GigabitEthernet1/0/3和GigabitEthernet1/0/4分别与客户端HostA,HostB,HostC和DHCPServer相连.
具体应用需求如下:HostA的MAC地址为00-01-02-03-04-05,IP地址通过手工配置,为192.
168.
0.
1/24.
HostB,HostC通过DHCPServer动态获取IP地址.
SwitchA上开启DHCPSnooping功能,记录客户端的DHCPSnooping表项.
SwitchA的端口GigabitEthernet1/0/1上配置静态绑定表项,只允许HostA发送的报文通过,在端口GigabitEthernet1/0/2,端口GigabitEthernet1/0/3上开启IPSourceGuard动态绑定功能,防止客户端使用伪造的不同源IP地址对服务器进行攻击.
二、组网图:三、配置步骤:配置在SwitchA的GigabitEthernet1/0/1上只允许MAC地址为00-01-02-03-04-05,IP地址为192.
168.
0.
3的HostA发送的IP报文通过.
system-view[SwitchA]interfacegigabitethernet1/0/1[SwitchA-GigabitEthernet1/0/1]user-bindip-address192.
168.
0.
1mac-address0001-0203-0405[SwitchA-GigabitEthernet1/0/1]quit设置与DHCP服务器相连的端口GigabitEthernet1/0/2为信任端口.
[SwitchA]interfaceGigabitEthernet1/0/4[SwitchA-GigabitEthernet1/0/4]dhcp-snoopingtrust[SwitchA-GigabitEthernet1/0/4]quit开启DHCPSnooping功能.
[SwitchA]dhcp-snooping配置端口GigabitEthernet1/0/2的动态绑定功能.
system-view[SwitchA]interfaceGigabitEthernet1/0/2[SwitchA-GigabitEthernet1/0/2]ipchecksourceip-addressmac-address[SwitchA-GigabitEthernet1/0/2]quit配置端口GigabitEthernet1/0/3的动态绑定功能.
system-view[SwitchA]interfaceGigabitEthernet1/0/3[SwitchA-GigabitEthernet1/0/3]ipchecksourceip-addressmac-address[SwitchA-GigabitEthernet1/0/3]quit验证配置结果显示IPSourceGuard获取的动态表项.
displayipchecksourceThefollowinguseraddressbindingshavebeenconfigured:MACIPVlanPortStatus0001-0203-0406192.
168.
0.
21GigabitEthernet1/0/2DHCP-SNP0001-0203-0407192.
168.
0.
31GigabitEthernet1/0/3DHCP-SNP2bindingentriesqueried,2listed-显示DHCPSnooping表项,查看其是否和IPSourceGuard获取的动态表项一致.
displaydhcp-snoopingDHCPSnoopingisenabled.
Theclientbindingtableforalluntrustedports.
Type:D--Dynamic,S--StaticTypeIPAddressMACAddressLeaseVLANInterfaceD192.
168.
0.
20001-0203-0406863351GigabitEthernet1/0/2D192.
168.
0.
30001-0203-0407863351GigabitEthernet1/0/3从以上显示信息可以看出,端口GigabitEthernet1/0/2,GigabitEthernet1/0/3在配置IPSourceGuard动态绑定功能之后获取了DHCPSnooping表项.
四、配置关键点:无