Filter
Top Products
xStack
®
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual
351
config address_binding ip_mac ports
cannot be enabled.
When the binding check state is enabled for IP packets and ARP packets received by this
port, the switch will check whether the IP address and MAC address matches the binding
entry. If the packet does not match it will be dropped.
For this function, the switch can operate in ACL mode or ARP mode. In ARP mode, only ARP
packets are checked for binding. In ACL mode, both ARP packets and IP packets are
checked for binding. Therefore, the ACL mode provides more strict checks for packets.
Parameters
state - This parameter configures the IMPB port state to be enabled or disabled. When the
state is enabled, the port will perform the binding check.
ipv6 - For “state enable ipv6”, only the IPv6 filter table applied to the driver.
For “state enable” without specifying “ipv6”, only the IPv4 filtering table is applied to driver.
For “state enable all”, both IPv4 and IPv6 filtering tables are applied to the driver.
For example, if IPv6 is enabled, but IPv4 is disabled, only the IPv6 Snooping entry is used to
create a HW filtering table, if the FDB is used as the HW filtering table, and one IPv6 entry is
allowed to be forwarded, all IPv4 packets get forwarded.
strict - Used to implement a mode of strict control. When strict control is used, all ARP and IP
broadcast packets are sent to the CPU and checked for IMPB before forwarding. Packets
with MAC addresses that match IMPB entries are set to dynamic state while MAC addresses
with no match are set to block. All other packets are dropped.
loose - Used to implement a more loose or less strict mode of control.
In loose mode, ARP and IP broadcast packets are sent to the CPU for IMPB checking.
Packets are forwarded unless the check finds a specified source MAC address that is
blocked. Packets with MAC addresses that match IMPB entries are set to dynamic state
while MAC addresses with no match are set to block. All other packets are bypassed.
allow_zeroip - Specify whether to allow ARP packets with a source IP address of 0.0.0.0. If
the IP address 0.0.0.0 is not configured in the binding list and this setting is enabled, ARP
packets with the source IP address of 0.0.0.0 will be allowed; If the IP address 0.0.0.0 is not
configured in the binding list and this setting is disabled, ARP packets with the source IP
address of 0.0.0.0 will not be allowed. This option does not affect the IMPB ACL Mode.
forward_dhcppkt - By default, DHCP packets with a broadcast DA will be flooded.
When set to disabled, the broadcast DHCP packet received by the specified port will not be
forwarded.
This setting is effective when DHCP Snooping is enabled, in this case DHCP packets trapped
by the CPU must be forwarded by the software.
This setting controls the forwarding behavior in this situation.
mode - When configuring the mode of the port to be ACL mode, the switch will create an ACL
access entry corresponding to the entries of the port. If the port changes to ARP mode, all
ACL access entries are deleted automatically. The default mode for a port is ARP mode.
stop_learning_threshold - When the number of blocked entries exceeds the threshold, the
port will stop learning new addresses. Packets with a new address will be dropped. The
range is 0-500. 0 means no limit.
Restrictions Only Administrator and Operator-level users can issue this command.
Example usage:
To enable IMPB on port 1: