294
To do… Use the command… Remarks
Configure a static IPv6 source
guard entry for the port
user-bind ipv6 { ip-address
ipv6-address |
ip-address ipv6-address
mac-address mac-address |
mac-address mac-address } [ vlan
vlan-id ]
Required
No static IPv6 source guard entry
exists on a port by default.
NOTE:
• You cannot configure the same static binding entry on one port repeatedly, but you can confi
ure the
same static binding entry on different ports.
• In an IPv6 source guard entry, the MAC address cannot be all 0s, all Fs (a broadcast MAC address), o
a multicast address, and the IPv6 address must be a unicast address and cannot be all 0s, all Fs, or a
loopback address.
• When the ND detection function is configured, be sure to specify the VLAN where ND detection is
configured in static binding entries. Otherwise, ND packets will be discarded because they cannot
match any static IPv6 binding entry.
• When you configure a static bindin
entry, if its content is the same as that of a dynamic bindin
entr
in the system, the static binding entry overwrites the dynamic binding entry.
Configuring dynamic IPv6 source guard
With dynamic IPv6 source guard enabled on a Layer 2 port, IP source guard dynamically generates IP
source guard entries through cooperation with DHCPv6 snooping or ND snooping.
• Cooperating with DHCPv6 snooping, IP source guard dynamically generates IP source guard
entries based on the DHCPv6 snooping entries that are generated during dynamic IP address
allocation.
• Cooperating with ND snooping, IP source guard dynamically generates IP source guard entries
based on dynamic ND snooping entries.
Dynamic IPv6 source guard entries can contain such information as MAC address, IPv6 address, VLAN
tag, ingress port information and entry type (DHCPv6 snooping or ND snooping), where the MAC
address, IPv6 address, and/or VLAN tag information may not be included depending on your
configuration. IP source guard applies these entries to the port, so that the port can filter packets.
Follow these steps to configure dynamic IPv6 source guard:
To do… Use the command…
Remarks
Enter system view system-view —
Enter interface view
interface interface-type
interface-number
—
Configure dynamic IPv6 source
guard
ip check source ipv6 { ip-address |
ip-address mac-address |
mac-address }
Required
Not configured by default
To Next Page
Loading...
Need help?
General