• On a Layer 2 Ethernet port, IP source guard cooperates with DHCP snooping, dynamically obtains
  the DHCP snooping entries generated during dynamic IP address allocation, and generates IP
  source guard entries accordingly.
• On a VLAN interface, IP source guard cooperates with DHCP relay, dynamically obtains the DHCP
  relay entries generated during dynamic IP address allocation across network segments, and
  generates IP source guard entries accordingly.
Dynamic IPv4 source guard entries can contain such information as the MAC address, IP address, VLAN
tag, ingress port information, and entry type (DHCP snooping or DHCP relay), where the MAC address,
IP address, or VLAN tag information may not be included depending on your configuration. IP source
guard applies these entries to the port to filter packets.
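The filtering described above, as an added Python model (not taken from the guide or from the switch software): it derives a dynamic binding from a DHCP snooping entry and checks packets against it on the ingress port. The mapping of the three `ip verify source` options to the fields compared is an assumption inferred from the option names, and the lease, addresses and port names are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed mapping of each "ip verify source" option to the fields it compares.
MODES = {"ip-address": ("ip",),
         "ip-address mac-address": ("ip", "mac"),
         "mac-address": ("mac",)}

@dataclass(frozen=True)
class Binding:
    port: str
    vlan: Optional[int]
    ip: Optional[str]
    mac: Optional[str]
    kind: str  # entry type: "DHCP snooping" or "DHCP relay"

def from_dhcp_entry(entry: dict, mode: str) -> Binding:
    """Derive a dynamic binding, keeping only the fields the mode compares."""
    keep = MODES[mode]
    return Binding(entry["port"], entry.get("vlan"),
                   entry["ip"] if "ip" in keep else None,
                   entry["mac"].lower() if "mac" in keep else None,
                   entry["kind"])

def permitted(bindings, port, vlan, src_ip, src_mac) -> bool:
    """True if a binding on the ingress port matches every field it holds."""
    for b in bindings:
        if (b.port == port and b.vlan in (None, vlan)
                and b.ip in (None, src_ip)
                and b.mac in (None, src_mac.lower())):
            return True
    return False  # no matching entry: the packet is filtered

# Constructed sample data; source guard is assumed enabled on both ports.
LEASE = {"port": "GE1/0/1", "vlan": 10, "ip": "192.0.2.10",
         "mac": "0001-0203-0405", "kind": "DHCP snooping"}
PACKETS = {
    "legitimate":  ("GE1/0/1", 10, "192.0.2.10", "0001-0203-0405"),
    "spoofed_ip":  ("GE1/0/1", 10, "192.0.2.99", "0001-0203-0405"),
    "spoofed_mac": ("GE1/0/1", 10, "192.0.2.10", "0001-0203-0AFF"),
    "wrong_port":  ("GE1/0/2", 10, "192.0.2.10", "0001-0203-0405"),
}

def verdicts(mode: str) -> dict:
    table = [from_dhcp_entry(LEASE, mode)]
    return {name: permitted(table, *pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    print({mode: verdicts(mode) for mode in MODES})
```

In this model only the `ip-address mac-address` option rejects both the spoofed source IP and the spoofed source MAC; each single-field option lets the other kind of spoofing through.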
Follow these steps to configure the IPv4 source guard function on a port:

To do...                      Use the command...                          Remarks
Enter system view             system-view                                 —
Enter interface view          interface interface-type interface-number   The term interface collectively refers to
                                                                          the following types of ports and
                                                                          interfaces: Layer 2 Ethernet ports, VLAN
                                                                          interfaces, and port groups.
Configure IPv4 source guard   ip verify source { ip-address |             Required
on the port                   ip-address mac-address | mac-address }      Not configured by default.

NOTE:
• To generate IPv4 binding entries dynamically based on DHCP entries, make sure that DHCP snooping or
  DHCP relay is configured and working normally. For information about DHCP snooping configuration
  and DHCP relay configuration, see Layer 3—IP Services Configuration Guide.
• If you repeatedly configure the IPv4 source guard function on a port, only the last configuration takes
  effect.
• Although dynamic IPv4 source guard binding entries are generated based on DHCP entries, the number
  of dynamic IPv4 source guard binding entries is not necessarily the same as that of the DHCP entries.

Configuring a static IPv4 source guard binding entry

Static IPv4 binding entries take effect only on the ports configured with the IPv4 source guard function
(see "Configuring IPv4 source guard on a port").

Follow these steps to configure a static IPv4 binding entry on a port:

To do...                      Use the command...                          Remarks
Enter system view             system-view                                 —
Enter Layer 2 interface view  interface interface-type interface-number   —