Configuring the IPv6 source guard function; Configuring IPv6 source guard on a port - HP 12500 Series Configuration Manual

| Step | Command | Remarks |
|---|---|---|
| 2. Enter interface view. | interface interface-type interface-number | N/A |
| 3. Set the maximum number of IPv4 binding entries allowed on the port. | ip verify source max-entries number | Optional. By default, the maximum number allowed on a port is that allowed by the system. The maximum number allowed by the system varies by system working mode. For more information about system working modes, see Fundamentals Configuration Guide. |

Configuring the IPv6 source guard function

Before you configure IPv6 source guard, execute the acl ipv6 enable command. For information about the acl ipv6 enable command, see ACL and QoS Command Reference.

An EB card operating in standard ACL mode does not support the IPv6 source guard function. For more information about the standard ACL mode, see ACL and QoS Configuration Guide.

Configuring IPv6 source guard on a port

The IPv6 source guard function must be configured on a port before the port can obtain dynamic IPv6 source guard entries and use static and dynamic IPv6 source guard entries to filter packets.

For how to configure a static IPv6 binding entry, see "Configuring a static IPv6 source guard entry."

- Cooperating with DHCPv6 snooping, IP source guard dynamically generates IP source guard entries based on the DHCPv6 snooping entries that are generated during dynamic IP address allocation.
- Cooperating with ND snooping, IP source guard dynamically generates IP source guard entries based on dynamic ND snooping entries.

A dynamic IPv6 source guard entry can contain the MAC address, IPv6 address, VLAN tag, ingress port information, and entry type (DHCPv6 snooping or ND snooping). Depending on your configuration, the MAC address, IPv6 address, and/or VLAN tag may not be included. IP source guard applies these entries to the port, so that the port can filter packets accordingly.

Although dynamic IPv6 source guard entries are generated based on DHCPv6 entries, the number of dynamic IPv6 source guard entries is not necessarily the same as the number of DHCPv6 entries.

Configuration guidelines

- If you configure the IPv6 source guard function on a port multiple times, the most recent configuration takes effect.
- To obtain dynamic IPv6 source guard entries, make sure that DHCPv6 snooping or ND snooping is configured and works normally. For DHCPv6 and ND snooping configuration information, see Layer 3—IP Services Configuration Guide.
- If you configure both ND snooping and DHCPv6 snooping on the device, IPv6 source guard uses the type of entries that are generated first. Because DHCPv6 snooping entries are usually generated first
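The per-port filtering described above can be sketched as a simplified model. This is an added example, not HP code or device output. The class and function names, port names, addresses and MAC addresses are constructed, and dropping a packet when no entry matches is an assumption of the model.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Binding:
    port: str
    kind: str                    # "static", "dhcpv6-snooping" or "nd-snooping"
    ipv6: Optional[str] = None   # None means the field is not part of the entry
    mac: Optional[str] = None
    vlan: Optional[int] = None

def _ip(addr):
    return ipaddress.IPv6Address(addr)   # compares equal across text forms

def _mac(mac):
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")

class SourceGuard:
    def __init__(self):
        self.enabled = set()     # ports where the function is configured
        self.table = []

    def add(self, b):
        # A port obtains dynamic entries only once the function is configured on it.
        if b.kind != "static" and b.port not in self.enabled:
            return False
        self.table.append(b)
        return True

    def permits(self, port, ipv6, mac, vlan):
        if port not in self.enabled:
            return True          # entries are not used for filtering on this port
        # Assumption of this model: a packet with no matching entry is dropped.
        return any(b.port == port
                   and (b.ipv6 is None or _ip(b.ipv6) == _ip(ipv6))
                   and (b.mac is None or _mac(b.mac) == _mac(mac))
                   and (b.vlan is None or b.vlan == vlan)
                   for b in self.table)

def build_sample():
    # Constructed sample data: port names, addresses and MACs are made up.
    g = SourceGuard()
    g.enabled.update({"GE3/0/1", "GE3/0/2"})
    g.add(Binding("GE3/0/1", "dhcpv6-snooping", "2001:db8::10", "0011-2233-4455", 10))
    g.add(Binding("GE3/0/2", "nd-snooping", "2001:db8::20", vlan=20))  # no MAC field
    g.add(Binding("GE3/0/3", "static", "2001:db8::30", "0011-2233-4466"))
    return g
```

An entry that omits a field (here the ND snooping entry without a MAC address) does not check that field, so fewer fields in the binding means a looser filter on that port.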
