NOTE:
To implement dynamic IPv4 source guard, make sure that DHCP snooping or DHCP relay is configured
•
and works normally. For DHCP configuration information, see the
Guide
.
If you configure dynamic IPv4 source guard on a port for multiple times, the last configuration will
•
overwrite the previous configuration on the port.
Setting the maximum number of IPv4 source guard entries
The maximum number of IPv4 source guard entries is used to limit the total number of static and dynamic
IPv4 source guard entries on a port. When the number of IPv4 binding entries on a port reaches the
maximum, the port does not allowed new IPv4 binding entries any more.
Follow these steps to configure the maximum number of IPv4 binding entries allowed on a port:
To do...
Enter system view
Enter Layer 2 Ethernet interface
view
Configure the maximum number of
IPv4 binding entries allowed on the
port
NOTE:
If the maximum number of IPv4 binding entries to be configured is smaller than the number of existing IPv4
binding entries on the port, the maximum number can be configured successfully and the existing entries
will not be affected. New IPv4 binding entries, however, cannot be added more unless the number of IPv4
binding entries on the port drops below the configured maximum.
Configuring IPv6 source guard
NOTE:
You cannot configure the IP source guard function on a port in an aggregation group, nor can you add a
port configured with IP source guard to an aggregation group.
Configuring static IPv6 source guard
Follow the steps to configure a port-based static IPv6 source guard entry:
To do...
Enter system view
Enter Layer 2 Ethernet interface
view
Use the command...
system-view
interface interface-type
interface-number
ip check source max-entries
number
Use the command...
system-view
interface interface-type
interface-number
293
Layer 3—IP Services Configuration
Remarks
—
—
Optional
256 by default.
Remarks
—
—