Manualshelf

R0106-HP MSR Router Series Security Configuration Guide(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR4060 Router Chassis
401402403404405406407408409410
395
You can configure the same static IPv4 source guard binding entry on different interfaces.
The maximum number of static IPv4 source guard binding entries on a Layer 2 interface varies by
hardware:
{ MSR routers installed with the Layer 2 switching module HMIM-24GSW/24GSWP or
HMIM-8GSW: 384
To configure a static IPv4 source guard binding entry on an interface:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter interface view.
interface interface-type
interface-number
Only Layer 2 Ethernet ports are supported.
3. Configure a static IPv4
source guard binding
entry.
ip source binding { ip-address
ip-address | ip-address
ip-address mac-address
mac-address | mac-address
mac-address } [ vlan vlan-id ]
By default, no static IPv4 source guard binding
entry is configured on an interface.
Configuring the IPv6 source guard function
Enabling IPv6 source guard on an interface
You must first enable the IPv6 source guard function on an interface for the IP source guard to take effect.
All matching criteria in a static IPv6 source guard binding entry are used by IP source guard to filter
packets. For information about static IPv6 binding entry configuration, see "Configuring a static IPv6
so
urce guard binding entry."
A dynamic IPv6 source guard binding entry can include MAC address, IPv6 address, VLAN tag, ingress
interface, and entry type. The entry type identifies the source module for the binding entry, such as
DHCPv6 snooping. Dynamic IPv6 source guard uses the entries to filter incoming IPv6 packets based on
the matching criteria specified in the ipv6 verify source command. If a match is found, packets are
forwarded.
To implement dynamic IPv6 source guard, make sure that DHCPv6 snooping works correctly on the
network.
To enable the IPv6 source guard function on an interface:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter interface view.
interface interface-type
interface-number
Only Layer 2 Ethernet ports are supported.
3. Enable the IPv6 source
guard function.
ipv6 verify source { ip-address |
ip-address mac-address |
mac-address }
By default, the function is disabled on an
interface.
If you configure this command on an
interface multiple times, the most recent
configuration takes effect.