Current network defects: Network management is currently loose and IP address management is incomplete. Clients can connect arbitrarily, and personnel from outside the unit can also gain access simply by setting a PC to an address in the corresponding network segment. This makes the network hard to manage and creates security risks. In this network transformation, the customer wants the IP and MAC addresses of all clients bound, so that unbound clients cannot access the network. No operation is performed on the server network segment (that is, that segment is not affected).
Solution: To meet the customer's requirement, the common method is to bind IP + MAC + port on the access switches that the clients connect to and to shut down the unused ports. However, this method requires logging in to the access switches one by one. Because the network was built early and a long time has passed since then, the account passwords of some access switches have been forgotten, and the network is now in production. Cracking the passwords one by one would inevitably interrupt the network.
In this network environment, both the clients and the servers have their own VLANs. Therefore, the DHCP snooping static binding table on the Huawei S5700 core switch is used to implement IP + MAC + interface binding. The configuration approach is first to configure static binding entries in the VLAN that bind each client's IP address to its MAC address, and then to enable IP and ARP packet checking on the interfaces connected to the access switches.
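The approach above, turned into a small generator for the core-switch commands. This is an added example, not configuration from the original page. The client inventory, VLAN ID and interface name are constructed, and the command forms (`user-bind static`, `ip source check user-bind enable`, `arp anti-attack check user-bind enable`) are assumed to match the VRP version running on the S5700.

```python
import ipaddress
import re

# Constructed sample inventory: (client IP, MAC in any common notation, VLAN ID).
SAMPLE_CLIENTS = [
    ("192.0.2.11", "00-1A-2B-3C-4D-5E", 10),
    ("192.0.2.12", "00:1a:2b:3c:4d:5f", 10),
    ("192.0.2.13", "001a.2b3c.4d60", 10),
]
# Constructed name for a core-switch port that faces an access switch.
SAMPLE_UPLINKS = ["GigabitEthernet0/0/1"]


def huawei_mac(mac):
    """Convert a MAC in -, : or . notation to the H-H-H form VRP expects."""
    digits = re.sub(r"[-:.]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return "-".join(digits[i:i + 4] for i in (0, 4, 8))


def build_config(clients, uplinks):
    """Return the VRP command lines for the bindings and the uplink checks."""
    bound = {}  # IP -> MAC, to catch one IP listed with two different MACs
    lines = ["system-view"]
    for ip, mac, vlan in clients:
        ip = str(ipaddress.IPv4Address(ip))  # raises on a malformed address
        mac = huawei_mac(mac)
        if ip in bound:
            raise ValueError(f"{ip} already bound to {bound[ip]}")
        bound[ip] = mac
        lines.append(
            f"user-bind static ip-address {ip} mac-address {mac} vlan {vlan}")
    for port in uplinks:
        lines += [
            f"interface {port}",
            " ip source check user-bind enable",       # IP packet check
            " arp anti-attack check user-bind enable",  # ARP packet check
            " quit",
        ]
    return lines


if __name__ == "__main__":
    print("\n".join(build_config(SAMPLE_CLIENTS, SAMPLE_UPLINKS)))
```

Generating the entries from an inventory catches malformed or duplicated addresses before the checks are enabled; a client missing from the table is dropped as soon as the interface commands take effect.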