R21xx-HP FlexFabric 11900 Security Configuration Guide
116
Configuring a static IPv4 source guard binding entry on an
interface
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter interface view.
interface interface-type
interface-number
These types of interfaces are supported:
Layer 2 Ethernet interface, Layer 3 Ethernet
port, and VLAN interface.
3. Configure a static IPv4
binding entry.
ip source binding ip-address
ip-address [ mac-address
mac-address ] [ vlan vlan-id ]
By default, no static IPv4 binding entry is
configured on an interface.
A VLAN ID is required if the static IPv4
binding entry is used in the ARP detection
function, and the specified VLAN must be
enabled with the ARP detection function.
Otherwise, ARP packets cannot bypass the
check of the static IPv4 binding entry.
The option vlan vlan-id is only available in
Layer 2 Ethernet interface view.
NOTE:
You cannot configure the same static binding entry on one interface, but you can confi
g
ure the same static
binding entry on different interfaces.
Configuring the IPv6 source guard function
You cannot configure the IPv6 source guard function on a service loopback interface. If IPv6 source
guard is enabled on an interface, you cannot assign the interface to a service loopback group.
Enabling IPv6 source guard on an interface
You must first enable the IPv6 source guard function on an interface before the interface can use static
IPv6 binding entries to filter packets.
All the fields except the VLAN in a static IPv6 binding entry are used by IP source guard to filter packets.
For information about how to configure a static IPv6 binding entry, see "
Configuring a static IPv6 source
guard binding entry on an interface."
To enable the IPv6 source guard function on an interface:
Ste
p
Command
Remarks
1. Enter system view.
system-view
N/A
2. Enter interface view.
interface interface-type
interface-number
These types of interfaces are
supported: Layer 2 Ethernet port,
Layer 3 Ethernet interface, and
VLAN interface.