EasyManuals Logo
Home>HPE>Network Router>FlexNetwork MSR Series

HPE FlexNetwork MSR Series Comware 5 Security Configuration Guide

HPE FlexNetwork MSR Series
547 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #420 background imageLoading...
Page #420 background image
407
Hardware IPv4 source guard function IPv4 binding entries
Configured on
multiple ports
MSR50
Yes on MSR50 routers installed
with FIC-FSW or DFIC-FSW
modules
Yes Yes
MSR1000
Yes on Layer 2 fixed Ethernet
ports
Yes
Layer 2 fixed Ethernet ports
support only static MAC-port
binding entries.
Yes
NOTE:
You cannot configure the IP source guard function on a port in an aggregation group, or vice versa.
Enabling IPv4 source guard on a port
The IPv4 source guard function must be enabled on a port before the port can obtain dynamic IPv4
source guard binding entries and use static and dynamic IPv4 source guard binding entries to filter
packets.
• For information about how to configure a static binding entry, see "Configuring a static IPv4
so
urce guard binding entry."
• On a Layer 2 Ethernet port, IP source guard cooperates with DHCP snooping to obtain the
DHCP snooping entries dynamically generated during dynamic IP address allocation, and uses
the DHCP snooping entries to generate IP source guard binding entries.
Dynamic IPv4 source guard binding entries can contain such information as the MAC address, IP
address, VLAN tag, ingress port information, and entry type (DHCP snooping), where the MAC
address, IP address, or VLAN tag information might not be included depending on your configuration.
IP source guard applies these entries to the port to filter packets.
Follow these guidelines when you enable IPv4 source guard on a port:
• If you configure the ip verify source command on a port multiple times, the most recent
configuration takes effect.
• To generate IPv4 source guard binding entries dynamically based on DHCP entries, make sure
DHCP snooping is configured and working correctly. For information about DHCP snooping
configuration, see HPE FlexNetwork MSR Router Series Comware 5 Layer 3—IP Services
Configuration Guide.
To enable IPv4 source guard on a port:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter interface view.
interface
interface-type
interface-number
N/A
3. Enable IPv4 source guard
on the port.
ip verify source
{
ip-address
|
ip-address
mac-address
|
mac-address
}
Disabled by default.

Table of Contents

Other manuals for HPE FlexNetwork MSR Series

Preview: Configuration Guide
Configuration Guide861 pages
Preview: Comware 7 Layer 3 - Ip Services Configuration Guides
Comware 7 Layer 3 - Ip Services Configuration Guides554 pages
Preview: Guide
Guide213 pages
Preview: Command Reference
Command Reference120 pages
Preview: Comware 5 Layer 2 - Wan Access Configuration Guide
Comware 5 Layer 2 - Wan Access Configuration Guide420 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HPE FlexNetwork MSR Series and is the answer not in the manual?

HPE FlexNetwork MSR Series Specifications

General IconGeneral
BrandHPE
ModelFlexNetwork MSR Series
CategoryNetwork Router
LanguageEnglish

Related product manuals