Operation Manual – IP Source GuardH3C S5500-EI Series Ethernet Switches Chapter 1 IP Source Guard Configuration1-1Chapter 1 IP Source Guard ConfigurationWhen configuring IP Source Guard, go to these sections for information you areinterested in:z IP Source Guard Overviewz Configuring a Static Binding Entryz Configuring Dynamic Binding Functionz Displaying IP Source Guardz IP Source Guard Configuration Examplesz Troubleshooting1.1 IP Source Guard OverviewBy filtering packets on a per-port basis, IP source guard prevents packets with illegal IPaddresses and MAC addresses from traveling through, improving the network security.After receiving a packet, the port looks up the key attributes (including IP address, MACaddress and VLAN tag) of the packet in the binding entries of the IP source guard. Ifthere is a matching entry, the port will forward the packet. Otherwise, the port willabandon the packet.IP source guard filters packets based on the following types of binding entries:z IP-port binding entryz MAC-port binding entryz IP-MAC-port binding entryYou can manually set static binding entries, or use DHCP Snooping to provide dynamicbinding entries. Binding is on a per-port basis. After a binding entry is configured on aport, it is effective only to the port, instead of other ports.Caution:IP source guard and aggregation group configuration are mutually exclusive.1.2 Configuring a Static Binding EntryFollow these steps to configure a static binding entry: