CHAPTER 13 | Security Measures
IPv6 Source Guard
COMMAND USAGE
◆ Traffic filtering is based only on the source IPv6 address, VLAN ID, and
port number.
◆ Static addresses entered in the source guard binding table are
automatically configured with an infinite lease time.
◆ When source guard is enabled, traffic is filtered based upon dynamic
entries learned via ND snooping, DHCPv6 snooping, or static addresses
configured in the source guard binding table.
◆ Static bindings are processed as follows:
■ If there is no entry with the same MAC address and IPv6 address, a
new entry is added to the binding table using static IPv6 source guard
binding.
■ If there is an entry with the same MAC address and IPv6 address, and
the type of entry is static IPv6 source guard binding, then the new
entry will replace the old one.
■ If there is an entry with the same MAC address and IPv6 address, and
the type of the entry is either a dynamic ND snooping binding or
DHCPv6 snooping binding, then the new entry will replace the old
one and the entry type will be changed to static IPv6 source guard
binding.
■ Only unicast addresses are accepted for static bindings.
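The binding rules above, modelled in Python as an added example (this is not the switch's firmware or code from this manual). Class names, method names, ports and addresses are constructed for illustration; refusing to let a dynamic entry overwrite a static one and rejecting the unspecified address are assumptions the manual does not state.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

STATIC, ND_SNOOPING, DHCPV6_SNOOPING = "static", "nd-snooping", "dhcpv6-snooping"

@dataclass
class Binding:
    mac: str
    ip: ipaddress.IPv6Address
    vlan: int
    port: str
    kind: str
    lease: Optional[int]  # seconds; None models the infinite lease of static entries

class BindingTable:
    def __init__(self):
        self.entries = {}  # keyed by (MAC, IPv6 address), the pair the rules compare

    def learn(self, mac, ip, vlan, port, kind, lease):
        """Dynamic entry from ND snooping or DHCPv6 snooping."""
        key = (mac.lower(), ipaddress.IPv6Address(ip))
        old = self.entries.get(key)
        if old is not None and old.kind == STATIC:
            return False  # assumption: a dynamic entry never displaces a static one
        self.entries[key] = Binding(key[0], key[1], vlan, port, kind, lease)
        return True

    def add_static(self, mac, ip, vlan, port):
        addr = ipaddress.IPv6Address(ip)
        if addr.is_multicast or addr.is_unspecified:
            raise ValueError("only unicast addresses are accepted for static bindings")
        if not 1 <= vlan <= 4094:
            raise ValueError("VLAN ID out of range 1-4094")
        key = (mac.lower(), addr)
        old = self.entries.get(key)
        # No match: add. Matching static, ND or DHCPv6 entry: replace, type becomes static.
        self.entries[key] = Binding(key[0], addr, vlan, port, STATIC, None)
        return "added" if old is None else "replaced " + old.kind

    def permits(self, src_ip, vlan, port):
        """Filter decision: source IPv6 address, VLAN ID and port only (MAC is not checked)."""
        addr = ipaddress.IPv6Address(src_ip)
        return any(b.ip == addr and b.vlan == vlan and b.port == port
                   for b in self.entries.values())
```

Because `permits` compares only address, VLAN and port, a frame with a different source MAC but a bound IPv6 address on the same port and VLAN still passes this filter.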
PARAMETERS
These parameters are displayed:
Add
◆ Port – The port to which a static entry is bound.
◆ VLAN – ID of a configured VLAN (Range: 1-4094)
◆ MAC Address – A valid unicast MAC address.
◆ IPv6 Address – A valid global unicast IPv6 address. This address must
be entered according to RFC 2373 “IPv6 Addressing Architecture,” using
8 colon-separated 16-bit hexadecimal values. One double colon may be
used in the address to indicate the appropriate number of zeros
required to fill the undefined fields.
Show
◆ VLAN – VLAN to which this entry is bound.
◆ MAC Address – Physical address associated with the entry.
◆ Interface – The port to which this entry is bound.