Configuring The Ipv6 Source Guard Function; Configuring Ipv6 Source Guard On A Port - HP 5500 HI Series Configuration Manual
Security
Hide thumbs
Also See for 5500 HI Series:
- Installation manual (72 pages) ,
- Compliance and safety manual (62 pages) ,
- Quickspecs (35 pages)
Table of Contents
Advertisement
Step
2.
Enter Layer 2 Ethernet
interface view.
3.
Configure the maximum
number of IPv4 binding
entries allowed on the port.
Configuring the IPv6 source guard function
You cannot enable IPv6 source guard on a link aggregation member port or a service loopback port. If
IPv6 source guard is enabled on a port, you cannot assign the port to a link aggregation group or a
service loopback group.
Configuring IPv6 source guard on a port
The IPv6 source guard function must be configured on a port before the port can obtain dynamic IPv6
source guard entries and use static and dynamic IPv6 source guard entries to filter packets.
For how to configure a static IPv6 static binding entry, see
•
entry."
•
Cooperating with DHCPv6 snooping, IP source guard dynamically generates IP source guard
entries based on the DHCPv6 snooping entries that are generated during dynamic IP address
allocation.
Cooperating with ND snooping, IP source guard dynamically generates IP source guard entries
•
based on dynamic ND snooping entries.
Dynamic IPv6 source guard entries can contain such information as the MAC address, IPv6 address,
VLAN tag, ingress port information and entry type (DHCPv6 snooping or ND snooping), where the MAC
address, IPv6 address, and/or VLAN tag information might not be included depending on your
configuration. IP source guard applies these entries to the port, so that the port can filter packets
accordingly.
When you configure IPv6 source guard, follow these guidelines:
•
If you repeatedly configure the IPv6 source guard function, only the last configuration takes effect.
To obtain dynamic IPv6 source guard entries, make sure that DHCPv6 snooping or ND snooping is
•
configured and operating correctly. For DHCPv6 and ND snooping configuration information, see
Layer 3—IP Services Configuration Guide.
If you configure both ND snooping and DHCPv6 snooping on the device, IPv6 source guard uses
•
the type of entries that generated first. Because DHCPv6 snooping entries are usually generated first
in such a case, IPv6 source guard usually uses the DHCPv6 snooping entries to filter packets on a
port.
To configure the IPv6 source guard function on a port:
Step
1.
Enter system view.
Command
interface interface-type
interface-number
ip verify source max-entries
number
Command
system-view
356
Remarks
N/A
Optional.
By default, the maximum number of
IPv4 source guard entries allowed
on a port is 2048.
"Configuring a static IPv6 source guard
Remarks
N/A
- Quick Links:
- Configuration Guide
- Configuring Aaa
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
