R21xx-HP FlexFabric 11900 Security Command Reference

The keywords specified in the ip verify source command apply only to dynamic IPv4 source guard
binding entries. They determine which information in the dynamic IPv4 source guard binding entries
the interface uses to filter packets. For static IPv4 source guard binding entries, this command
only enables packet filtering on the interface: the interface filters packets according to the static IPv4
source guard binding entries configured by the user-bind command, not according to the keywords
specified in the ip verify source command.
Examples
# Enable IPv4 source guard on Layer 2 Ethernet port Ten-GigabitEthernet 1/0/1 to filter packets
received on the port based on the source IPv4 and MAC addresses.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] ip verify source ip-address mac-address
# Enable IPv4 source guard on VLAN-interface 100 to filter packets received on the interface based on
the source IPv4 and MAC addresses.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ip verify source ip-address mac-address
# Enable IPv4 source guard on Ten-GigabitEthernet 1/0/2 to filter packets received on the interface
based on the source IPv4 and MAC addresses.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/2
[Sysname-Ten-GigabitEthernet1/0/2] ip verify source ip-address mac-address
Related commands
display ip source binding
ipv6 source binding
Use ipv6 source binding to configure a static IPv6 source binding entry.
Use undo ipv6 source binding to delete the static IPv6 source guard binding entries configured on the
interface.
Syntax
ipv6 source binding ip-address ipv6-address [ mac-address mac-address ] [ vlan vlan-id ]
undo ipv6 source binding ip-address ipv6-address [ mac-address mac-address ] [ vlan vlan-id ]
Default
No static IPv6 source binding entry is configured on an interface.
Views
Layer 2 Ethernet interface view, Layer 3 Ethernet interface view, VLAN interface view
Predefined user roles
network-admin
Parameters
ip-address ipv6-address: Specifies an IPv6 address for the static binding entry. The IPv6 address cannot
be an all-zero address, a multicast address, or a loopback address.
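The following check is an added example, not part of the HP command reference: it lints planned ipv6 source binding lines against the syntax and the address restriction above before they are pushed to a device. The function names and sample lines are constructed for illustration, and the mac-address and vlan values are not validated because this section does not define their formats.

```python
import ipaddress

# Fixed prefix and optional keywords, in the order given by the Syntax line.
PREFIX = ["ipv6", "source", "binding", "ip-address"]
OPTIONAL = ("mac-address", "vlan")

def check_ipv6_binding(line):
    """Return (ok, reason) for one 'ipv6 source binding' or 'undo ...' line."""
    tokens = line.split()
    if tokens[:1] == ["undo"]:
        tokens = tokens[1:]
    if tokens[:4] != PREFIX or len(tokens) < 5:
        return False, "not an 'ipv6 source binding ip-address <addr>' command"
    try:
        addr = ipaddress.IPv6Address(tokens[4])
    except ValueError:
        return False, "invalid IPv6 address"
    # Restrictions stated for the ip-address parameter.
    if addr.is_unspecified:
        return False, "all-zero address"
    if addr.is_multicast:
        return False, "multicast address"
    if addr.is_loopback:
        return False, "loopback address"
    # Each optional keyword must carry a value and appear in syntax order.
    rest = tokens[5:]
    for keyword in OPTIONAL:
        if rest[:1] == [keyword]:
            if len(rest) < 2:
                return False, "'%s' needs a value" % keyword
            rest = rest[2:]
    if rest:
        return False, "unexpected tokens: " + " ".join(rest)
    return True, "ok"

def lint(lines):
    """Return [(line, reason)] for every line that fails the check."""
    return [(l, r) for l in lines for ok, r in [check_ipv6_binding(l)] if not ok]

if __name__ == "__main__":
    # Constructed sample input; addresses, MAC and VLAN values are made up.
    planned = [
        "ipv6 source binding ip-address 2001:db8::10 mac-address 0001-0002-0003 vlan 100",
        "ipv6 source binding ip-address ff02::1",
        "ipv6 source binding ip-address ::1 vlan 100",
        "ipv6 source binding ip-address 2001:db8::11 vlan 100 mac-address 0001-0002-0004",
    ]
    for line, reason in lint(planned):
        print("REJECT (%s): %s" % (reason, line))
```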