Chapter 12
| Security Measures
IPv6 Source Guard
– 377 –
◆ Static addresses entered in the source guard binding table are automatically
configured with an infinite lease time.
◆ When source guard is enabled, traffic is filtered based upon dynamic entries
learned via ND snooping, DHCPv6 snooping, or static addresses configured in
the source guard binding table.
◆ Static bindings are processed as follows:
■
If there is no entry with same and MAC address and IPv6 address, a new
entry is added to binding table using static IPv6 source guard binding.
■
If there is an entry with same MAC address and IPv6 address, and the type
of entry is static IPv6 source guard binding, then the new entry will replace
the old one.
■
If there is an entry with same MAC address and IPv6 address, and the type
of the entry is either a dynamic ND snooping binding or DHCPv6 snooping
binding, then the new entry will replace the old one and the entry type will
be changed to static IPv6 source guard binding.
■
Only unicast addresses are accepted for static bindings.
Parameters
These parameters are displayed:
Add
◆ Port – The port to which a static entry is bound.
◆ VLAN – ID of a configured VLAN (Range: 1-4094)
◆ MAC Address – A valid unicast MAC address.
◆ IPv6 Address – A valid global unicast IPv6 address. This address must be
entered according to RFC 2373 “IPv6 Addressing Architecture,” using 8 colon-
separated 16-bit hexadecimal values. One double colon may be used in the
address to indicate the appropriate number of zeros required to fill the
undefined fields.
Show
◆ VLAN – VLAN to which this entry is bound.
◆ MAC Address – Physical address associated with the entry.
◆ Interface – The port to which this entry is bound.
◆ IPv6 Address – IPv6 address corresponding to the client.
◆ Type – Shows the entry type:
■
DHCP – Dynamic DHCPv6 binding, stateful address.
To Next Page
Loading...
Need help?
General