Manualshelf

R3303-HP HSR6800 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR68xx Configure-to-Order Router Solution
421422423424425426427428429430
25
Follow these guidelines when you enable IPv4 source guard on a port:
You cannot enable IPv4 source guard on a link aggregation member port. If IPv4 source guard is
enabled on a port, you cannot assign the port to a link aggregation group.
The keyword specified in the ip verify source command is only for instructing the generation of
dynamic IPv4 source guard entries. It does not affect static IP source guard entries. When using a
static source guard entry, a port does not take the keyword into consideration.
If you configure the ip verify source command on a port multiple times, the most recent
configuration takes effect.
To generate IPv4 source guard entries dynamically based on DHCP entries, make sure DHCP
snooping or DHCP relay is configured and working normally. For information about DHCP
snooping configuration and DHCP relay configuration, see Layer 3—IP Services Configuration
Guide.
To enable IPv4 source guard on a port:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter interface view.
interface interface-type
interface-number
N/A
3. Enable IPv4 source guard on
the port.
ip verify source { ip-address |
ip-address mac-address |
mac-address }
Disabled by default.
NOTE:
A
lthou
g
h dynamic IPv4 source guard entries are generated based on DHCP entries, the number of
dynamic IPv4 source guard entries is not necessarily the same as that of the DHCP entries.
Configuring a static IPv4 source guard entry
Static IPv4 binding entries take effect only on the ports configured with the IPv4 source guard function
(see "Enabling IPv4 source guard on a port")
.
Follow these guidelines when you configure a port-based static IPv4 binding entry:
You cannot repeatedly configure the same static binding entry on one port, but you can configure
the same static entry on different ports.
If a static binding entry to be added denotes the same binding as an existing dynamic binding entry,
the new static binding entry overwrites the dynamic binding entry.
To configure a static IPv4 binding entry on a port:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter interface view.
interface interface-type
interface-number
N/A