CHAPTER 24 | General Security Measures
IPv6 Source Guard
– 922 –
entry type is static IPv6 source guard binding, the packet will be
forwarded.
■ If ND snooping or DHCPv6 snooping is enabled, IPv6 source guard
will check the VLAN ID, source IP address, and port number. If a
matching entry is found in the binding table and the entry type is
static IPv6 source guard binding, dynamic ND snooping binding, or
dynamic DHCPv6 snooping binding, the packet will be forwarded.
■ If IPv6 source guard is enabled on an interface for which IPv6
source bindings (dynamically learned via ND snooping or DHCPv6
snooping, or manually configured) are not yet configured, the
switch will drop all IPv6 traffic on that port, except for ND packets
and DHCPv6 packets.
■ Only IPv6 global unicast addresses are accepted for static bindings.
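The lookup described in the items above, modelled in Python as an added example (not code from this manual or from the switch firmware). The names, the table layout and the 2000::/3 test for global unicast are assumptions, as is the "snooping disabled" condition for the static-only case, whose opening words are cut off on this page; max_binding stands for the per-port limit set by ipv6 source-guard max-binding.

```python
import ipaddress
from dataclasses import dataclass

STATIC, ND_SNOOP, DHCPV6_SNOOP = "static", "nd-snooping", "dhcpv6-snooping"
GLOBAL_UNICAST = ipaddress.IPv6Network("2000::/3")  # IANA global unicast range

@dataclass(frozen=True)
class Binding:
    vlan: int
    address: ipaddress.IPv6Address
    port: str
    kind: str

def add_binding(table, vlan, addr, port, kind=STATIC, max_binding=5):
    """Add an entry, enforcing the per-port limit and the static-address rule."""
    ip = ipaddress.IPv6Address(addr)
    if kind == STATIC and ip not in GLOBAL_UNICAST:
        raise ValueError("static bindings accept only global unicast addresses")
    # max-binding counts static and dynamic entries on the port together.
    if sum(b.port == port for b in table) >= max_binding:
        raise ValueError(f"max-binding ({max_binding}) reached on port {port}")
    table.append(Binding(vlan, ip, port, kind))

def forward(table, vlan, src, port, snooping_enabled, control=False):
    """Return True if a packet arriving on a source-guard port is forwarded."""
    if control:  # ND and DHCPv6 packets are exempt (assumed to hold in all cases)
        return True
    # Assumption: with snooping disabled only static entries are honoured.
    accepted = {STATIC, ND_SNOOP, DHCPV6_SNOOP} if snooping_enabled else {STATIC}
    ip = ipaddress.IPv6Address(src)
    return any(b.vlan == vlan and b.address == ip and b.port == port
               and b.kind in accepted for b in table)

def sample_table():
    """Constructed sample: one static and one DHCPv6-learned entry on port 1/5."""
    table = []
    add_binding(table, 1, "2001:db8::10", "1/5", STATIC)
    add_binding(table, 1, "2001:db8::20", "1/5", DHCPV6_SNOOP)
    return table

if __name__ == "__main__":
    t = sample_table()
    for src, port, snoop in [("2001:db8::10", "1/5", False),
                             ("2001:db8::20", "1/5", False),
                             ("2001:db8::20", "1/5", True),
                             ("2001:db8::10", "1/6", True)]:
        print(src, port, "snooping" if snoop else "static-only",
              "forward" if forward(t, 1, src, port, snoop) else "drop")
```

A source address that is valid on one port is still dropped on another, because the port number is part of the match.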
EXAMPLE
This example enables IPv6 source guard on port 5.
Console(config)#interface ethernet 1/5
Console(config-if)#ipv6 source-guard sip
Console(config-if)#
RELATED COMMANDS
ipv6 source-guard binding (919)
ipv6 dhcp snooping (903)
ipv6 dhcp snooping vlan (907)
ipv6 source-guard max-binding
This command sets the maximum number of entries that can be bound to
an interface. Use the no form to restore the default setting.
SYNTAX
ipv6 source-guard max-binding number
no ipv6 source-guard max-binding
number - The maximum number of IPv6 addresses that can be
mapped to an interface in the binding table. (Range: 1-5)
DEFAULT SETTING
5
COMMAND MODE
Interface Configuration (Ethernet)
COMMAND USAGE
◆ This command sets the maximum number of address entries that can
be mapped to an interface in the binding table, including both dynamic
entries discovered by ND snooping or DHCPv6 snooping and static
entries set by the ipv6 source-guard command.