Dynamic IPv6 source guard
IPv6 source guard on an interface obtains information from DHCPv6 snooping entries to generate IPv6
source guard binding entries for packet filtering.
For more information about DHCPv6 snooping, see Layer 3—IP Services Configuration Guide.
IP source guard configuration task list
To configure IPv4 source guard, perform the following tasks:
Tasks at a glance
(Required.) Enabling IPv4 source guard on an interface
(Optional.) Configuring a static IPv4 source guard binding entry
To configure IPv6 source guard, perform the following tasks:
Tasks at a glance
(Required.) Enabling IPv6 source guard on an interface
(Optional.) Configuring a static IPv6 source guard binding entry
Configuring the IPv4 source guard function
You cannot configure the IPv4 source guard function on a service loopback interface. If IPv4 source
guard is enabled on an interface, you cannot assign the interface to a service loopback group.
Enabling IPv4 source guard on an interface
IP source guard takes effect on an interface only after you enable the IPv4 source guard function on that interface.
All matching criteria in a static IPv4 source guard binding entry are used by IP source guard to filter
packets. For information about static binding entry configuration, see "Configuring a static IPv4 source
guard binding entry."
A dynamic IPv4 source guard binding entry can include MAC address, IPv4 address, VLAN tag, ingress
interface, and entry type. The entry type identifies the source module for the binding entry, such as DHCP
snooping and DHCP relay. Dynamic IP source guard uses the entries to filter incoming IPv4 packets
based on the matching criteria specified in the ip verify source command. If a match is found, the packet
is forwarded.
To implement dynamic IPv4 source guard, make sure the DHCP snooping or DHCP relay function
operates correctly on the network.
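The following Python model illustrates the dynamic filtering decision described above. It is an added example, not code or configuration from this guide. Assumptions: the matching criteria are modelled as a set containing "ip", "mac", or both; the ingress interface and VLAN are always compared; a packet with no matching entry is dropped; all names, addresses, and interface labels are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    vlan: int
    interface: str
    entry_type: str  # source module, e.g. "dhcp-snooping" or "dhcp-relay"

@dataclass(frozen=True)
class Packet:
    src_mac: str
    src_ip: str
    vlan: int
    interface: str

def permitted(pkt, bindings, criteria):
    """True if a binding on the same interface/VLAN matches every field in criteria."""
    if not criteria or not criteria <= {"ip", "mac"}:
        raise ValueError("criteria must be a non-empty subset of {'ip', 'mac'}")
    for b in bindings:
        same_port = b.interface == pkt.interface and b.vlan == pkt.vlan
        ip_ok = "ip" not in criteria or b.ip == pkt.src_ip
        mac_ok = "mac" not in criteria or b.mac.lower() == pkt.src_mac.lower()
        if same_port and ip_ok and mac_ok:
            return True
    return False  # assumption: no matching entry means the packet is dropped

# Constructed sample data (documentation address range, made-up MACs and ports).
BINDINGS = [
    Binding("00-11-22-33-44-01", "192.0.2.10", 10, "GE1/0/1", "dhcp-snooping"),
    Binding("00-11-22-33-44-02", "192.0.2.11", 10, "GE1/0/2", "dhcp-snooping"),
]
SAMPLES = {
    "legit": Packet("00-11-22-33-44-01", "192.0.2.10", 10, "GE1/0/1"),
    "spoofed_ip": Packet("00-11-22-33-44-01", "192.0.2.11", 10, "GE1/0/1"),
    "spoofed_mac": Packet("00-11-22-33-44-99", "192.0.2.10", 10, "GE1/0/1"),
    "wrong_port": Packet("00-11-22-33-44-02", "192.0.2.11", 10, "GE1/0/1"),
}

def verdicts(criteria):
    """Map each sample packet name to "forward" or "drop" under the given criteria."""
    return {name: "forward" if permitted(p, BINDINGS, criteria) else "drop"
            for name, p in SAMPLES.items()}

if __name__ == "__main__":
    print({"+".join(sorted(c)): verdicts(c) for c in ({"ip"}, {"mac"}, {"ip", "mac"})})
```

In this model, matching on one field alone lets a host keep its bound value for that field while changing the other; only the combined criteria reject both spoofed samples.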
To enable the IPv4 source guard function on an interface:
Step                     Command        Remarks
1. Enter system view.    system-view    N/A