R21xx-HP FlexFabric 11900 Security Command Reference

mac-address mac-address: Specifies a MAC address for the static binding entry. The MAC address must
be in H-H-H format, and cannot be all 0s, all Fs (a broadcast address), or a multicast address.
vlan vlan-id: Specifies a VLAN ID for the static binding entry. The value range for the vlan-id argument
is 1 to 4094. This option is only available in Layer 2 Ethernet interface view.
Usage guidelines
All the fields except the VLAN in a static IPv6 binding entry are used by IP source guard to filter packets.
You cannot configure static IPv6 source guard binding entries on an interface that is in a service
loopback group.
Examples
# On interface Ten-GigabitEthernet 1/0/1, configure a static IPv6 source binding entry to allow only the
packets whose source IPv6 address is 2001::1 and source MAC address is 0002-0002-0002 to pass.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] ipv6 source binding ip-address 2001::1 mac-address 0002-0002-0002
Related commands
display ipv6 source binding
ipv6 verify source
Use ipv6 verify source to enable the IPv6 source guard function.
Use undo ipv6 verify source to restore the default.
Syntax
ipv6 verify source ip-address [ mac-address ]
undo ipv6 verify source
Default
The IPv6 source guard function is disabled on an interface.
Views
Layer 2 Ethernet interface view, Layer 3 Ethernet interface view, VLAN interface view
Predefined user roles
network-admin
Parameters
ip-address: Binds source IPv6 addresses to the interface. With this keyword specified, IP source guard
filters packets received on the interface according to the source IPv6 addresses of the packets.
mac-address: Binds source MAC addresses to the interface. With this keyword specified, IP source guard
also checks the source MAC address of each packet received on the interface, and permits the packet
only when both the source IPv6 and MAC addresses of the packet match a dynamic binding entry.
Usage guidelines
After you enable IPv6 source guard on an interface, IP source guard can use static IPv6 source guard
binding entries to filter IPv6 packets received on the interface. If a packet matches an IP source guard
binding entry, IP source guard forwards the packet. Otherwise, it drops the packet.
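The following Python sketch is an added example, not part of the HP reference or the device software: it pre-checks a static binding entry against the parameter restrictions listed above and models the permit/drop decision for both forms of ipv6 verify source. The function names are hypothetical, and it assumes each H group in H-H-H is one to four hexadecimal digits.

```python
import ipaddress
import re

# Assumption of this example: each H group is 1 to 4 hex digits.
MAC_RE = re.compile(r"[0-9A-Fa-f]{1,4}(-[0-9A-Fa-f]{1,4}){2}")

def mac_to_int(text):
    """Convert an H-H-H MAC string to a 48-bit integer (format check only)."""
    if not MAC_RE.fullmatch(text):
        raise ValueError(f"{text!r} is not in H-H-H format")
    return int("".join(g.zfill(4) for g in text.split("-")), 16)

def make_binding(ip, mac, vlan=None):
    """Validate one static entry the way the parameter descriptions require."""
    value = mac_to_int(mac)
    if value == 0:
        raise ValueError("MAC address cannot be all 0s")
    if value == 0xFFFFFFFFFFFF:
        raise ValueError("MAC address cannot be all Fs (broadcast)")
    if (value >> 40) & 0x01:  # group bit of the first octet marks multicast
        raise ValueError("MAC address cannot be a multicast address")
    if vlan is not None and not 1 <= vlan <= 4094:
        raise ValueError("vlan-id must be in the range 1 to 4094")
    return {"ip": ipaddress.IPv6Address(ip), "mac": value, "vlan": vlan}

def permits(bindings, src_ip, src_mac, check_mac):
    """Model the filter decision for one received packet.

    check_mac=False models 'ipv6 verify source ip-address';
    check_mac=True models 'ipv6 verify source ip-address mac-address'.
    The VLAN field of an entry is not used for matching.
    """
    ip = ipaddress.IPv6Address(src_ip)
    mac = mac_to_int(src_mac)
    return any(
        b["ip"] == ip and (not check_mac or b["mac"] == mac)
        for b in bindings
    )

if __name__ == "__main__":
    # Constructed sample: the entry from the Examples section above.
    table = [make_binding("2001::1", "0002-0002-0002")]
    for mac in ("0002-0002-0002", "0002-0002-0003"):
        for mode in (False, True):
            verdict = "forward" if permits(table, "2001::1", mac, mode) else "drop"
            print(f"src 2001::1 {mac} check_mac={mode}: {verdict}")
```

Running such a check before pushing entries to a switch catches malformed or disallowed MAC addresses early, and the model shows that a spoofed MAC address with a valid source IPv6 address is dropped only when the mac-address keyword is enabled.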