Table of Contents
Advertisement
interface
ethernet unit/port
unit - Unit identifier. (Range: 1)
port - Port number. (Range: 1-28)
D
S
EFAULT
ETTING
No configured entries
C
M
OMMAND
ODE
Global Configuration
C
U
OMMAND
SAGE
Table entries include an associated MAC address, IPv6 global unicast
◆
address, lease time, entry type (Static-IP-SG-Binding, Dynamic-ND-
Binding, Dynamic-DHCPv6-Binding), VLAN identifier, and port identifier.
Traffic filtering is based only on the source IPv6 address, VLAN ID, and
◆
port number.
All static entries are configured with an infinite lease time, which is
◆
indicated with a value of zero by the
(page
1144).
When source guard is enabled, traffic is filtered based upon dynamic
◆
entries learned via ND snooping, DHCPv6 snooping, or static addresses
configured in the source guard binding table with this command.
Static bindings are processed as follows:
◆
If there is no entry with same and MAC address and IPv6 address, a
■
new entry is added to binding table using static IP source guard
binding.
If there is an entry with same MAC address and IPv6 address, and
■
the type of entry is static IP source guard binding, then the new
entry will replace the old one.
If there is an entry with same MAC address and IPv6 address, and
■
the type of the entry is either a dynamic ND snooping binding or
DHCPv6 snooping binding, then the new entry will replace the old
one and the entry type will be changed to static IP source guard
binding.
E
XAMPLE
This example configures a static source-guard binding on port 5.
Console(config)#ipv6 source-guard binding 00-ab-11-cd-23-45 vlan 1 2001::1
interface ethernet 1/5
Console(config)#
– 1141 –
| General Security Measures
C
29
HAPTER
IPv6 Source Guard
show ipv6 source-guard
command
Advertisement
Chapters
Table of Contents
