Port Address binding and port image [Digital China]

Port Address binding: [port-based MAC Address binding]
There are two ways to bind a MAC address to a network device: Port-based MAC Address binding and IP address-based MAC Address binding, the port, MAC address, and IP address are bound at the same time ). The former is mainly configured on the vswitch, and the latter can be configured on both the vswitch and the firewall. After you bind a MAC address based on the vswitch port, only the MAC address host can access the bound vswitch port to prevent other hosts from accessing the host on the port, only packets with the correct MAC address and IP Address binding are allowed for normal network communication, to prevent other IP address users from impersonating legitimate users' MAC addresses. If both the port, MAC address, and IP address are bound, only data packets that meet the binding relationship can access the corresponding port.
Lab line connection diagram:

 
DCRS-5526S configuration background:
If PC1 can communicate only when it is connected to port e0/0/1 of the vswitch, You need to configure port binding to bind the MAC address of PC1 to the port to be set.
Switch # config
Switch (Config) # hostname SwitchA
SwitchA (Config) # vlan 10
SwitchA (Config-Vlan10) # switchport interface ethernet 0/0/1-24
SwitchA (Config-Vlan10) # exit
SwitchA (Config) # mac-address-table static address 00-30-18-A0-0B-C8 vlan 10 interface ethernet 0/0/1
// Here we will use the MAC address table settings
Test:
When PC1 is connected to the first port of the vswitch, the connection between PC1 and pc2. if PC1 is changed to another port, the connection fails.
Port Mirroring: it is a method to mirror the data of one or more ports (VLANs) of a vswitch to one or more ports. Because the IDS product needs to be deployed to monitor network traffic (as well as network analyzer), it is quite difficult to monitor all traffic in the widely used switching network, therefore, you must configure a vswitch to forward data from one or more ports (VLANs) to a specific port for network listening.
Lab line connection diagram: omitted.

DCRS-5526S configuration background:
-Mirror 1 and 3 vswitches to 20
Monitor -- configure the port image; session -- configure a port image; mirror event number <1-100> source -- mirror source port; destination -- mirror destination port; both -- manage sent and received traffic; rx -- only manage received traffic; tx -- only manage sent traffic
Configuration:
SwitchA (Config) # monitor session 1 source interface ethernet 0/0/1
SwitchA (Config) # monitor session 1 source interface ethernet 0/0/3
SwitchA (Config) # monitor session 1 destination interface ethernet 0/0/20
Author: "Daily Yunhui"