Task
Configuring IPv4 source guard on a port
Configuring a static IPv4 source guard entry
Setting the maximum number of IPv4 source guard binding entries
Complete the following tasks to configure IPv6 source guard:
Task
Configuring IPv6 source guard on a port
Configuring a static IPv6 source guard entry
Setting the maximum number of IPv6 source guard entries
Configuring the IPv4 source guard function
You cannot enable IPv4 source guard on a link aggregation member port or a service loopback group.
If IPv4 source guard is enabled on a port, you cannot assign the port to a link aggregation group or a
service loopback group.
Configuring IPv4 source guard on a port
The IPv4 source guard function must be configured on a port before the port can obtain dynamic IPv4
source guard entries and use static and dynamic IPv4 source guard entries to filter packets.
For how to configure a static binding entry, see
•
On a Layer 2 Ethernet port, IP source guard can cooperates with DHCP snooping and 802.1X to
•
generate IP source guard entries.
•
On a VLAN interface, IP source guard can cooperate with only DHCP relay to generate IP source
guard entries.
Dynamic IPv4 source guard entries can contain such information as the MAC address, IP address, VLAN
tag, ingress port information, and entry type (DHCP snooping or DHCP relay), where the MAC address,
IP address, or VLAN tag information might not be included depending on your configuration. IP source
guard applies these entries to the port to filter packets.
To generate IPv4 binding entries dynamically based on DHCP entries, make sure that DHCP snooping or
DHCP relay is configured and operating correctly. For information about DHCP snooping configuration
and DHCP relay configuration, see Layer 3—IP Services Configuration Guide.
If you repeatedly configure the IPv4 source guard function multiple times on a port, only the most recent
configuration takes effect.
To configure the IPv4 source guard function on a port:
Step
Enter system view.
1.
2.
Enable 802.1X globally.
"Configuring a static IPv4 source guard
Command
system-view
dot1x
353
Remarks
Required
Optional
Optional
Remarks
Required
Optional
Optional
Remarks
N/A
Optional.
By default, 802.1X is disabled
globally.
entry."