Filter
Top Products
xStack® DES-3200 Series Layer 2 Ethernet Managed Switch CLI Reference Guide
366
46
IP-MAC-PORT BINDING COMMANDS
The IP network layer uses a four-byte address. The Ethernet link layer uses a six-byte MAC address. Binding these two address
types together allows the transmission of data between the layers. The primary purpose of IP-MAC-port binding is to restrict the
access to a switch to a number of authorized users. Only the authorized client can access the Switch’s port by checking the pair of
IP-MAC addresses with the pre-configured database. If an unauthorized user tries to access an IP-MAC-port binding enabled port,
the system will block the access by dropping its packet. The maximum number of IP-MAC-port binding entries is dependant on
chip capability (e.g. the ARP table size) and storage size of the device. For the Switch, the maximum value for the IP-MAC-port
binding ARP mode is 500. The creation of authorized users can be manually configured by CLI or Web. The function is port-
based, meaning a user can enable or disable the function on the individual port.
The IP-MAC-Port Binding commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in
the following table:
Command Parameters
create address_binding ip_mac
ipaddress
<ipaddr> mac_address <macaddr> {ports [<portlist> | all]}
config address_binding ip_mac
ipaddress
<ipaddr> mac_address <macaddr> {ports [<portlist> | all]}
config address_binding ip_mac
ports
[<portlist> | all] {state [enable {[strict | loose]} | disable ] | allow_zeroip [enable
| disable] | forward_dhcppkt [enable | disable] | mode [arp | acl ] |
stop_learning_threshold <int 0-500>} (1)
show address_binding {[ip_mac [all | ipaddress <ipaddr> mac_address <macaddr>] | blocked [all |
vlan_name <vlan_name> mac_address <macaddr>] | ports]}
delete address_binding [ip_mac [ipaddress <ipaddr> {mac_address <macaddr>} | all] | blocked [all |
vlan_name <vlan_name> mac_address <macaddr>]]
enable address_binding trap_log
disable address_binding trap_log
show address_binding
dhcp_snoop
{[max_entry {ports <portlist>} | binding_entry {port <port>}]}
enable address_binding
dhcp_snoop
disable address_binding
dhcp_snoop
clear address_binding
dhcp_snoop binding_entry ports
[<portlist> | all]
config address_binding
dhcp_snoop max_entry ports
[<portlist> | all] limit [<value 1-10> | no_limit]
config address_binding
recover_learning ports
[<portlist> | all]
enable address_binding
arp_inspection
disable address_binding
arp_inspection
Each command is listed, in detail, in the following sections:
create address_binding ip_mac ipaddress
Purpose
Used to create an IP-MAC-port binding entry.