NOTE:
You cannot configure the same static binding entry on one interface, but you can configure the same
•
static binding entry on different interfaces.
For packet filtering on an interface, IP source guard ignores the VLAN information (if specified) in static
•
IPv4 source guard binding entries. To cooperate with ARP detection, you must specify the VLAN where
ARP detection is configured in static IPv4 source guard binding entries. Otherwise, ARP packets will be
discarded because they cannot match any static IPv4 entry. For more information about the ARP
detection function, see
Configuring the IPv6 source guard function
You cannot configure the IPv6 source guard function on a service loopback interface. If IPv6 source
guard is enabled on an interface, you cannot assign the interface to a service loopback group.
Enabling IPv6 source guard on an interface
You must first enable the IPv6 source guard function on an interface before the interface can use static
IPv6 binding entries to filter packets. For information about how to configure a static IPv6 binding entry,
see
"Configuring a static IPv6 source guard binding entry on an
To enable the IPv6 source guard function on an interface:
Step
1.
Enter system view.
2.
Enter interface view.
3.
Enable the IPv6 source guard
function.
Configuring a static IPv6 source guard binding entry on an
interface
Step
1.
Enter system view.
2.
Enter interface view.
Security Configuration Guide
Command
system-view
interface interface-type
interface-number
ipv6 verify source ip-address
[ mac-address ]
Command
system-view
interface interface-type
interface-number
164
.
interface."
Remarks
N/A
These types of interfaces are
supported: Ethernet port and VLAN
interface.
By default, the function is disabled
on an interface.
Remarks
N/A
These types of interfaces are supported:
Ethernet interface and VLAN interface.