Command Line Reference
Security Configuration
User Binding Rule Configuration
8 min
user binding rule configuration show user bind counter \[command] show user bind counter \[ interface name ] clear user bind counter \[purpose] show packet loss statistics for packets inspection function \[view] system view \[notes] statistics of packets dropped due to unhit table entries after enabling ipsg/ipsgv6/arp detection/savi function sonic# show user bind counter interface drop packets \ vlan400 0 show user bind rule \[command] show user bind rule \[purpose] view static binding table information \[view] system view sonic# show user bind rule vlan mac ip interface \ vlan100 00 11 22 33 11 11 10 1 1 10 ethernet1 show user bind config \[command] show user bind config \[purpose] display packet inspection function alarms and alarm threshold related configuration \[view] system view sonic# show user bind config + + + + \| interface | alarm | alarm threshold | +============+========+===================+ \| vlan400 | true | 100 | + + + + user bind rule \[command] user bind rule { a b c d | a b } nn\ nn\ nn\ nn\ nn \ nn { interface id } { vlan id } no user bind rule { a b c d | a b } nn\ nn\ nn\ nn\ nn \ nn { interface id } { vlan id } \[purpose] configure static binding tables \[parameter] parameter description a b c d | a b \<a b> nn\ nn\ nn\ nn\ nn\ nn mac address interface id interface id vlan id vlan id \[view] system configuration view \[user scenario] for terminals with statically configured ip address, snooping table entries cannot be generated, and all packets are discarded when the packet inspection function is enabled in order not to affect the online operation of such terminals, user need to use this command to configure the static binding table sonic(config)# user bind rule 10 1 1 10 00 11 22 33 11 11 1 800 user bind alarm enable \[command] user bind alarm enable no user bind alarm enable \[purpose] enable the packet inspection alarm function \[view] interface view,vlan view \[user scenario] when this feature is enabled, when the packets discarded on the device due to the packet inspection function exceed the alarm threshold, a log is recorded by default, the alarm threshold is 100 sonic(config)# interface ethernet 1 sonic(config if 1)# user bind alarm enable user bind alarm threshold \[command] user bind alarm threshold \[purpose] configure the alarm threshold for the packet inspection function \[view] interface view,vlan view \[user scenario] when this feature is enabled, when the packets discarded on the device due to the packet inspection function exceed the alarm threshold, a log is recorded by default, the alarm threshold is 100 sonic(config)# interface ethernet 1 sonic(config if 1)# user bind alarm threshold 200
