Chapter 8
| General Security Measures
IPv6 Source Guard
– 317 –
â—† Static bindings are processed as follows:
â–
If there is no entry with same and MAC address and IPv6 address, a new
entry is added to binding table using static IPv6 source guard binding.
â–
If there is an entry with same MAC address and IPv6 address, and the type
of entry is static IPv6 source guard binding, then the new entry will replace
the old one.
â–
If there is an entry with same MAC address and IPv6 address, and the type
of the entry is either a dynamic ND snooping binding or DHCPv6 snooping
binding, then the new entry will replace the old one and the entry type will
be changed to static IPv6 source guard binding.
â–
Only unicast addresses are accepted for static bindings.
Example
This example configures a static source-guard binding on port 5.
Console(config)#ipv6 source-guard binding 00-ab-11-cd-23-45 vlan 1 2001::1
interface ethernet 1/5
Console(config)#
Related Commands
ipv6 source-guard (312)
ipv6 dhcp snooping (293)
ipv6 dhcp snooping vlan (298)
ipv6 source-guard This command configures the switch to filter inbound traffic based on the source IP
address stored in the binding table. Use the no form to disable this function.
Syntax
ipv6 source-guard sip
no ipv6 source-guard
Default Setting
Disabled
Command Mode
Interface Configuration (Ethernet)
Command Usage
â—† Source guard is used to filter traffic on an insecure port which receives
messages from outside the network or fire wall, and therefore may be subject
to traffic attacks caused by a host trying to use the IP address of a neighbor.
To Next Page
Loading...
Need help?
General