Dynamic Ip Source Guard Binding Entries; Ip Source Guard Configuration Task List; Configuring The Ipv4 Source Guard Function; Configuring Ipv4 Source Guard On A Port - HP A5830 Series Configuration Manual
Security switch
Hide thumbs
Also See for A5830 Series:
- Command reference manual (249 pages) ,
- Configuration manual (246 pages) ,
- Configuration manual (152 pages)
Table of Contents
Advertisement
Port-based static binding entries are used to check the validity of users who are trying to access a port.
Dynamic IP source guard binding entries
Dynamic IP source guard entries are generated dynamically according to client entries on the DHCP
snooping or DHCP relay agent device. They are suitable for scenarios where many hosts reside on a
LAN and obtain IP addresses through DHCP. Once DHCP allocates an IP address to a client, IP source
guard automatically adds the client entry to allow the client to access the network. A user who is using
an IP address not obtained through DHCP cannot access the network. Dynamic IPv6 source guard
entries can also be obtained from client entries on the ND snooping device.
Dynamic IPv4 source guard binding entries are generated dynamically based on DHCP snooping
•
or DHCP relay entries to filter incoming IPv4 packets on a port.
Dynamic IPv6 source guard binding entries are generated dynamically based on DHCPv6
•
snooping or ND snooping entries to filter incoming IPv6 packets on a port.
For information about DHCP snooping, DHCP relay, DHCPv6 snooping, and ND snooping, see Layer
3—IP Services Configuration Guide.
IP source guard configuration task list
Complete the following tasks to configure IPv4 source guard binding:
Task
Configuring IPv4 source guard on a port
Configuring a static IPv4 source guard binding entry
Setting the maximum number of IPv4 source guard binding entries
Complete the following tasks to configure IPv6 source guard binding:
Task
Configuring IPv6 source guard on a port
Configuring a static IPv6 source guard binding entry
Setting the maximum number of IPv6 source guard binding entries
Configuring the IPv4 source guard function
You cannot configure the IPv4 source guard function on a port in an aggregation group or a service
loopback group, nor can you add a port configured with IP source guard to an aggregation group or a
service loopback group.
Configuring IPv4 source guard on a port
The IPv4 source guard function must be configured on a port before the port can obtain dynamic IPv4
source guard binding entries and use static and dynamic IPv4 source guard entries to filter packets.
For information about how to configure a static binding entry, see
guard binding
entry."
Remarks
Required
Optional
Optional
Remarks
Required
Optional
Optional
209
"Configuring a static IPv4 source
Advertisement
Table of Contents
Troubleshooting
