IP-MAC 绑定是指通过在设备上建立 IP 地址与 MAC 地址绑定表项实现对报文的过滤控制。该功能适用于防御主机仿冒攻击,可有效过滤攻击者通过仿冒合法用户主机的 IP 地址或者 MAC 地址向设备发送的伪造 IP 报文。
@开局全局IP-MAC地址
system-view
ip-mac binding enable
@接口开启全局IP-MAC地址
interface G1/0/1
ip-mac binding enable
@手动绑定IP-MAC
(IPv4 网络)
ip-mac binding ipv4 ipv4-address mac-address mac-address [ vlan vlan-id
| vpn-instance vpn-instance-name ]
(IPv6 网络)
ip-mac binding ipv6 ipv6-address mac-address mac-address [ vlan vlan-id
| vpn-instance vpn-instance-name ]
@批量生成IP-MAC绑定表项
ip-mac binding interface interface-type interface-number
@默认操作
ip-mac binding no-match action deny
@维护
- 显示IPv4-MAC绑定表项
- display ip-mac binding ipv4 [ ipv4-address ][ mac-address mac-address ] [ vlan vlan-id |vpn-instance vpn-instance-name ]
- 显示IPv6-MAC绑定表项
- display ip-mac binding ipv6 [ ipv6-address ][ mac-address mac-address ] [ vlan vlan-id |vpn-instance vpn-instance-name ]
- 显示IP-MAC绑定功能过滤报文的统计信息
- display ip-mac binding statistics [ slotslot-number ]
- 显示IP-MAC绑定功能状态
- display ip-mac binding status
- 清除IP-MAC绑定功能过滤报文的统计信息
- reset ip-mac binding statistics [ slotslot-number ]