Manualshelf

R2511-HP MSR Router Series Security Configuration Guide(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router
421422423424425426427428429430
416
Ste
p
Command
Remarks
2. Enter interface view.
interface interface-type
interface-number
N/A
3. Enable IPv4 source guard on
the port.
ip verify source { ip-address |
ip-address mac-address |
mac-address }
Disabled by default.
NOTE:
A
lthou
g
h dynamic IPv4 source
g
uard bindin
g
entries are
g
enerated based on DHCP entries, the numbe
r
of dynamic IPv4 source guard binding entries is not necessarily the same as that of the DHCP entries.
Configuring a static IPv4 source guard binding entry
Static IPv4 source guard binding entries take effect only on the ports enabled with the IPv4 source guard
function (see "Enabling IPv4 source guard on a port")
.
Follow these guidelines when you configure a static IPv4 source guard binding entry:
You cannot configure the same static binding entry on one port, but you can configure the same
static entry on different ports.
If you configure a static binding entry the same as an existing dynamic binding entry, the static
binding entry overwrites the dynamic binding entry.
To configure a static IPv4 source guard binding entry on a port:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter interface view.
interface interface-type
interface-number
N/A
3. Configure a static IPv4 source
guard binding entry on the
port.
ip source binding { ip-address
ip-address | ip-address ip-address
mac-address mac-address |
mac-address mac-address } [ vlan
vlan-id ]
By default, no static IPv4 binding
entry is configured on a port.
A static source guard binding entry
can be configured on only Layer 2
Ethernet ports.
Setting the maximum number of IPv4 source guard binding
entries
The maximum number of IPv4 source guard binding entries limits the total number of static and dynamic
IPv4 source guard binding entries on a port. When the number of IPv4 source guard binding entries on
a port reaches the upper limit, the port does not allowed new IPv4 binding entries.
If the maximum number of IPv4 binding entries to be configured is smaller than the number of existing
IPv4 binding entries on the port, the maximum number can be configured successfully and the existing
entries will not be affected. New IPv4 binding entries, however, cannot be added more unless the
number of IPv4 binding entries on the port drops below the configured maximum.