IP source guard configuration examples

By default, Ethernet, VLAN, and aggregate interfaces are in the state of DOWN. To configure such an interface, use the undo shutdown command to bring it up first.

Static IP source guard binding entry configuration example

Network requirements

As shown in Figure 52, Host A and Host B are connected to ports GigabitEthernet 3/0/2 and GigabitEthernet 3/0/1 of Switch B respectively, Host C is connected to port GigabitEthernet 3/0/2 of Switch A, and Switch B is connected to port GigabitEthernet 3/0/1 of Switch A.

Configure static binding entries on Switch A and Switch B to meet the following requirements:

• On port GigabitEthernet 3/0/2 of Switch A, only IP packets from Host C can pass.
• On port GigabitEthernet 3/0/1 of Switch A, only IP packets from Host A can pass.
• On port GigabitEthernet 3/0/2 of Switch B, only IP packets from Host A can pass.
• On port GigabitEthernet 3/0/1 of Switch B, only IP packets from Host B can pass.

Figure 52 Network diagram for configuring static binding entries

[Diagram: Host A (IP: 192.168.0.1/24, MAC: 00-01-02-03-04-06), Host B (IP: 192.168.0.2/24, MAC: 00-01-02-03-04-07), Host C (IP: 192.168.0.3/24, MAC: 00-01-02-03-04-05), Switch A (GE3/0/1, GE3/0/2), Switch B (GE3/0/1, GE3/0/2)]

Configuration procedure

1. Configure Switch A

Configure the IP addresses of various interfaces (omitted).

Configure port GigabitEthernet 3/0/2 of Switch A to allow only IP packets with the source MAC address of 00-01-02-03-04-05 and the source IP address of 192.168.0.3 to pass.

<SwitchA> system-view
[SwitchA] interface gigabitethernet 3/0/2
[SwitchA-GigabitEthernet3/0/2] user-bind ip-address 192.168.0.3 mac-address 0001-0203-0405
[SwitchA-GigabitEthernet3/0/2] quit
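Added example (not from the original manual): a Python script that derives the user-bind lines for all four ports from the Figure 52 addresses and the requirements above, converting the diagram's MAC notation to the grouped form the command uses, and models which source IP/MAC pairs each bound port lets through. The function names are illustrative assumptions, and the generated lines only reuse the command syntax shown above.

```python
import re

# Host addresses as labelled in Figure 52.
HOSTS = {
    "Host A": ("192.168.0.1", "00-01-02-03-04-06"),
    "Host B": ("192.168.0.2", "00-01-02-03-04-07"),
    "Host C": ("192.168.0.3", "00-01-02-03-04-05"),
}
# (switch, port) -> the only host whose IP packets may pass (the four requirements).
REQUIREMENTS = {
    ("SwitchA", "3/0/2"): "Host C",
    ("SwitchA", "3/0/1"): "Host A",
    ("SwitchB", "3/0/2"): "Host A",
    ("SwitchB", "3/0/1"): "Host B",
}

def mac_to_hhh(mac):
    """Normalize a MAC (00-01-.., 00:01:.., 0001-0203-..) to the form user-bind takes."""
    digits = re.sub(r"[-:.]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return "-".join(digits[i:i + 4] for i in range(0, 12, 4))

def binding_commands(switch):
    """System-view command lines that create the static bindings for one switch."""
    lines = []
    for (sw, port), host in REQUIREMENTS.items():
        if sw != switch:
            continue
        ip, mac = HOSTS[host]
        lines += [f"interface gigabitethernet {port}",
                  f"user-bind ip-address {ip} mac-address {mac_to_hhh(mac)}",
                  "quit"]
    return lines

def permitted(switch, port, src_ip, src_mac):
    """Model of a bound port: pass only if source IP and source MAC both match its entry."""
    ip, mac = HOSTS[REQUIREMENTS[(switch, port)]]  # KeyError: port not in the example
    return src_ip == ip and mac_to_hhh(src_mac) == mac_to_hhh(mac)

if __name__ == "__main__":
    for sw in ("SwitchA", "SwitchB"):
        print(f"# {sw}")
        print("\n".join(binding_commands(sw)))
```
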