Table of Contents
Advertisement
snooping or DHCPv6 snooping, or static addresses configured in the
source guard binding table. The port allows only IPv6 traffic with a
matching entry in the binding table and denies all other IPv6 traffic.
Table entries include a MAC address, IPv6 global unicast address, entry
◆
type (Static-IPv6-SG-Binding, Dynamic-ND-Binding, Dynamic-DHCPv6-
Binding), VLAN identifier, and port identifier.
Static addresses entered in the source guard binding table (using the
◆
Static Binding page) are automatically configured with an infinite lease
time. Dynamic entries learned via DHCPv6 snooping are configured by
the DHCPv6 server itself.
If IPv6 source guard is enabled, an inbound packet's source IPv6
◆
address will be checked against the binding table. If no matching entry
is found, the packet will be dropped.
Filtering rules are implemented as follows:
◆
If ND snooping and DHCPv6 snooping are disabled, IPv6 source
■
guard will check the VLAN ID, source IPv6 address, and port
number. If a matching entry is found in the binding table and the
entry type is static IPv6 source guard binding, the packet will be
forwarded.
If ND snooping or DHCP snooping is enabled, IPv6 source guard will
■
check the VLAN ID, source IP address, and port number. If a
matching entry is found in the binding table and the entry type is
static IPv6 source guard binding, dynamic ND snooping binding, or
dynamic DHCPv6 snooping binding, the packet will be forwarded.
If IP source guard if enabled on an interface for which IPv6 source
■
bindings (dynamically learned via ND snooping or DHCPv6
snooping, or manually configured) are not yet configured, the
switch will drop all IPv6 traffic on that port, except for ND packets
and DHCPv6 packets.
Only IPv6 global unicast addresses are accepted for static bindings.
■
P
ARAMETERS
These parameters are displayed:
Port – Port identifier. (Range: 1-28)
◆
Filter Type – Configures the switch to filter inbound traffic based on
◆
the following options. (Default: Disabled)
Disabled – Disables IPv6 source guard filtering on the port.
■
SIP – Enables traffic filtering based on IPv6 global unicast source
■
IPv6 addresses stored in the binding table.
Max Binding Entry – The maximum number of entries that can be
◆
bound to an interface. (Range: 1-5; Default: 5)
– 405 –
| Security Measures
C
13
HAPTER
IPv6 Source Guard
- Quick Links:
- Connecting to the Switch
- Console Connection
Hide quick links:
Advertisement
Chapters
Table of Contents
