R2511-HP MSR Router Series Security Command Reference(V5)
478
After you configure the IPv4 source guard function on a port, IPv4 source guard dynamically generates
IPv4 source guard binding entries based on the DHCP snooping entries (on a Layer 2 Ethernet port), and
all static IPv4 source guard binding entries on the port become effective.
The keywords specified in the ip verify source command are only for instructing the generation of
dynamic IPv4 source guard binding entries. It does not affect static IP source guard binding entries.
When using a static source guard binding entry, a port does not take the keywords into consideration.
The following matrix shows the command and router compatibility:
Hardware Command compatibility
Support for generating dynamic
bindin
g
entries
MSR900 Yes. No.
MSR93X Yes on Layer 2 fixed Ethernet ports.
Yes.
Supports only MAC-port binding entries.
MSR20-1X No. N/A
MSR20 No. N/A
MSR30
Yes on the following models:
• MSR30 routers installed with MIM-FSW or
DMIM-FSW modules.
• MSR30-11E Layer 2 fixed Ethernet ports.
• MSR30-11F Layer 2 fixed Ethernet ports.
.Yes.
The bindings on MSR30-11F Layer 2 fixed
Ethernet ports do not include VLAN
information.
MSR50
Yes on MSR50 routers installed with FIC-FSW or
DFIC-FSW modules.
Yes.
MSR1000 Yes on MSR1000 Layer 2 fixed Ethernet ports. No.
Examples
# Configure IPv4 source guard on Layer 2 Ethernet port Ethernet 1/1 to filter packets based on the source
IPv4 address and MAC address.
<Sysname> system-view
[Sysname] interface ethernet 1/1
[Sysname-Ethernet1/1] ip verify source ip-address mac-address
Related commands
display ip source binding
ip verify source max-entries
Use ip verify source max-entries to set the maximum number of static and dynamic IPv4 source guard
binding entries on a port.
Use undo ip verify source max-entries to remove the restriction on the number of static and dynamic IPv4
source guard binding entries on a port.
Syntax
ip verify source max-entries number
undo ip verify source max-entries