406
Dynamic IP source guard binding entries
Dynamic IP source guard binding entries are generated dynamically according to client entries on
the DHCP snooping device. They are applicable in cases where many hosts reside on a LAN and
obtain IP addresses through DHCP.
Once DHCP allocates an IP address to a client, the DHCP snooping device generates a snooping
entry. Based on the entry, IP source guard adds a binding entry automatically. It allows the client to
access the network. Users with IP addresses not obtained through DHCP cannot access the
network.
Dynamic IPv4 source guard binding entries are generated dynamically based on DHCP snooping
entries to filter incoming IPv4 packets on a port.
For information about DHCP snooping, see HPE FlexNetwork MSR Router Series Comware 5 Layer
3
—
IP Services Configuration Guide.
IPv4 source guard configuration task list
To configure IPv4 source guard:
Task Remarks
Enabling IPv4 source guard on a port
Required.
Configuring a static IPv4 source guard binding entry
Optional.
Setting the maximum number of IPv4 source guard binding entries
Optional.
Configuring IPv4 source guard
The following matrix shows the feature and hardware compatibility:
Hardware IPv4 source guard function IPv4 binding entries
Configured on
multiple ports
MSR900
Yes on Layer 2 fixed Ethernet
ports
Yes
Supports only static binding
entries.
Yes
MSR93X
Yes on Layer 2 fixed Ethernet
ports
Yes
Supports only dynamic
MAC-port binding entries.
Yes
MSR20-1X No No No
MSR20 No No No
MSR30
Yes on the following models:
• The MSR30 routers installed
with MIM-FSW or
DMIM-FSW modules
• The MSR30-11E Layer 2
fixed Ethernet ports
• The MSR30-11F Layer 2
fixed Ethernet ports
Yes
• MSR 30-10 routers
installed with XMIM-FSW
modules support only
MAC-port bindings.
• MSR30-11F Layer 2 fixed
Ethernet ports do not
support binding VLAN
information.
Yes
To Next Page
Loading...
Need help?
General
