Configuring The Ipv6 Source Guard Feature; Configuring Ipv6 Source Guard On An Interface - HP 3600 v2 Series Configuration Manual
Hide thumbs
Also See for 3600 v2 Series:
- Command reference manual (510 pages) ,
- Configuration manual (441 pages) ,
- Security configuration manual (398 pages)
Table of Contents
Advertisement
Step
2.
Enter Layer 2 Ethernet
interface view.
3.
Set the maximum number of
IPv4 binding entries for the
interface.
Configuring the IPv6 source guard feature
You cannot enable IPv6 source guard on a link aggregation member port or a service loopback port. If
IPv6 source guard is enabled on a port, you cannot assign the port to a link aggregation group or a
service loopback group.
Configuring IPv6 source guard on an interface
The IPv6 source guard feature must be configured on an interface before the interface can obtain
dynamic IPv6 source guard binding entries and use static and dynamic IPv6 source guard binding
entries to filter packets.
For how to configure a static IPv6 static binding entry, see
•
binding
•
Cooperating with DHCPv6 snooping, IP source guard dynamically generates IP source guard
binding entries based on the DHCPv6 snooping entries that are generated during dynamic IP
address allocation.
Cooperating with ND snooping, IP source guard dynamically generates IP source guard binding
•
entries based on dynamic ND snooping entries.
Dynamic IPv6 source guard binding entries can contain such information as the MAC address, IPv6
address, VLAN tag, ingress port information and entry type (DHCPv6 snooping or ND snooping), where
the MAC address, IPv6 address, and/or VLAN tag information might not be included depending on
your configuration. IP source guard applies these entries to the interface, so that the interface can filter
packets accordingly.
Follow these guidelines when you configure IPv6 source guard:
•
If you configure the IPv6 source guard feature multiple times, only the most recent configuration
takes effect.
To obtain dynamic IPv6 source guard binding entries, make sure that DHCPv6 snooping or ND
•
snooping is configured and operating correctly. For DHCPv6 and ND snooping configuration
information, see Layer 3—IP Services Configuration Guide.
If you configure both ND snooping and DHCPv6 snooping on the device, IPv6 source guard uses
•
the type of entries that generated first. Because DHCPv6 snooping entries are usually generated first
in such a case, IPv6 source guard usually uses the DHCPv6 snooping entries to filter packets on an
interface.
To configure the IPv6 source guard feature on an interface:
Step
1.
Enter system view.
Command
interface interface-type
interface-number
ip verify source max-entries
number
entry."
Command
system-view
"Configuring a static IPv6 source guard
359
Remarks
N/A
Optional.
2048 by default.
Remarks
N/A
Advertisement
Table of Contents
Troubleshooting
