Setting the maximum number of IPv4 source guard entries; Configuring the IPv6 source guard function; Configuring IPv6 source guard on a port - H3C S5500-EI Series Security Configuration Manual

Setting the maximum number of IPv4 source guard entries

The maximum number of IPv4 source guard entries limits the total number of static and dynamic IPv4 source guard entries on a port. When the number of IPv4 binding entries on a port reaches the maximum, the port does not allow any new IPv4 binding entries.
If the maximum number of IPv4 binding entries to be configured is smaller than the number of existing IPv4 binding entries on the port, the maximum number can be configured successfully, and the existing entries are not affected. New IPv4 binding entries, however, cannot be added until the number of IPv4 binding entries on the port drops below the configured maximum.
To configure the maximum number of IPv4 binding entries allowed on a port:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter Layer 2 Ethernet interface view. | interface interface-type interface-number | N/A |
| 3. Configure the maximum number of IPv4 binding entries allowed on the port. | ip verify source max-entries number | Optional. By default, the maximum number is 1500 on the S5500-EI series and 640 on the S5500-SI series. |

Configuring the IPv6 source guard function

You cannot enable IPv6 source guard on a link aggregation member port or a service loopback port. If IPv6 source guard is enabled on a port, you cannot assign the port to a link aggregation group or a service loopback group.

Configuring IPv6 source guard on a port

The IPv6 source guard function must be configured on a port before the port can obtain dynamic IPv6 source guard entries and use static and dynamic IPv6 source guard entries to filter packets.
• For how to configure a static IPv6 binding entry, see "Configuring a static IPv6 source guard entry."
• Cooperating with DHCPv6 snooping, IP source guard dynamically generates IP source guard entries based on the DHCPv6 snooping entries that are generated during dynamic IP address allocation.
• Cooperating with ND snooping, IP source guard dynamically generates IP source guard entries based on dynamic ND snooping entries.
Dynamic IPv6 source guard entries can contain such information as the MAC address, IPv6 address, VLAN tag, ingress port information and entry type (DHCPv6 snooping or ND snooping), where the MAC address, IPv6 address, and/or VLAN tag information may not be included depending on your configuration. IP source guard applies these entries to the port, so that the port can filter packets accordingly.
Follow these guidelines when you configure IPv6 source guard:
• If you repeatedly configure the IPv6 source guard function, only the last configuration takes effect.

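The entry-limit rule from "Setting the maximum number of IPv4 source guard entries", replayed as a small Python model. This is an added example, not H3C code or device output; the class, method names and sample addresses are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class PortBindingTable:
    """Constructed model of one port's IPv4 binding table (not H3C code)."""
    max_entries: int = 1500                      # S5500-EI default stated in the manual
    entries: dict = field(default_factory=dict)  # ip -> (kind, mac); static and dynamic share one limit

    def set_max(self, number: int) -> None:
        # A limit below the current count is accepted and evicts nothing.
        self.max_entries = number

    def add(self, kind: str, ip: str, mac: str) -> bool:
        # A new entry is admitted only while the count is below the limit.
        if len(self.entries) >= self.max_entries:
            return False
        self.entries[ip] = (kind, mac)
        return True

    def remove(self, ip: str) -> None:
        self.entries.pop(ip, None)


def walk_through() -> list:
    """Replay the lowered-limit case; returns (step, admitted, entry_count) tuples."""
    port = PortBindingTable()
    log = []
    # Constructed sample bindings: one static entry and three dynamic ones.
    port.add("static", "192.0.2.10", "0001-0001-0010")
    for i in range(11, 14):
        port.add("dynamic", f"192.0.2.{i}", f"0001-0001-00{i}")
    port.set_max(2)  # limit is now below the 4 existing entries
    log.append(("after set_max(2)", None, len(port.entries)))
    new_host = ("dynamic", "192.0.2.20", "0001-0001-0020")
    log.append(("add at 4/2", port.add(*new_host), len(port.entries)))
    port.remove("192.0.2.12")
    port.remove("192.0.2.13")
    log.append(("add at 2/2", port.add(*new_host), len(port.entries)))
    port.remove("192.0.2.11")
    log.append(("add at 1/2", port.add(*new_host), len(port.entries)))
    return log


if __name__ == "__main__":
    for step in walk_through():
        print(step)
```

The add at 2/2 is still refused because the count has to drop below the configured maximum, not merely to it, before a new entry is admitted.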
This manual is also suitable for: S5500-SI series