R0106-HP MSR Router Series Security Configuration Guide(V7)

Task: Display IPv6 source guard binding entries (MSR4000).
Command: display ipv6 source binding [ static | [ vpn-instance vpn-instance-name ] [ dhcpv6-snooping ] ] [ ip-address ipv6-address ] [ mac-address mac-address ] [ vlan vlan-id ] [ interface interface-type interface-number ] [ slot slot-number ]
IP source guard configuration examples
Static IPv4 source guard configuration example
Network requirements
As shown in Figure 116, all hosts use static IP addresses.
Configure static IPv4 source guard binding entries on Device A and Device B to meet the following
requirements:
GigabitEthernet 2/1/2 of Device A allows only IP packets from Host C to pass.
GigabitEthernet 2/1/1 of Device A allows only IP packets from Host A to pass.
GigabitEthernet 2/1/1 of Device B allows IP packets from Host B to pass.
Figure 116 Network diagram
Configuration procedure
1. Configure Device A:
# Configure IP addresses for the interfaces. (Details not shown.)
# Enable IPv4 source guard on GigabitEthernet 2/1/2.
<DeviceA> system-view
[DeviceA] interface gigabitethernet 2/1/2
[DeviceA-GigabitEthernet2/1/2] ip verify source ip-address mac-address
# On GigabitEthernet 2/1/2, configure a static IPv4 source guard binding entry for Host C.
[DeviceA-GigabitEthernet2/1/2] ip source binding ip-address 192.168.0.3 mac-address 0001-0203-0405
[DeviceA-GigabitEthernet2/1/2] quit
# Enable IPv4 source guard on GigabitEthernet 2/1/1.
[DeviceA] interface gigabitethernet 2/1/1
[DeviceA-GigabitEthernet2/1/1] ip verify source ip-address mac-address
# On GigabitEthernet 2/1/1, configure a static IPv4 source guard binding entry for Host A.
[Figure 116 labels: Device A and Device B, each with interfaces GE2/1/1 and GE2/1/2. Host A: IP 192.168.0.1/24, MAC 0001-0203-0406. Host B: IP 192.168.0.2/24, MAC 0001-0203-0407. Host C: IP 192.168.0.3/24, MAC 0001-0203-0405.]
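The effect of the GigabitEthernet 2/1/2 commands in the Device A procedure, as an added Python example (not part of the HP guide and not Comware code): it parses those commands and checks constructed frames against the resulting IP+MAC binding. The function names, the frame list, and the simplified match model (including the assumption that an interface without source guard filters nothing) are illustrative.

```python
import re
# Commands copied from the Device A procedure above (GigabitEthernet 2/1/2 only).
DEVICE_A_CLI = """
interface gigabitethernet 2/1/2
 ip verify source ip-address mac-address
 ip source binding ip-address 192.168.0.3 mac-address 0001-0203-0405
 quit
"""

def norm_mac(mac):
    """Reduce aa:bb:cc:dd:ee:ff or H-H-H notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_source_guard(cli):
    """Return {interface: {"enabled": bool, "bindings": {(ip, mac), ...}}}."""
    table, iface = {}, None
    for line in cli.splitlines():
        words = line.split()
        if words[:1] == ["interface"]:
            iface = " ".join(words[1:])
            table[iface] = {"enabled": False, "bindings": set()}
        elif iface and words[:3] == ["ip", "verify", "source"]:
            table[iface]["enabled"] = True
        elif iface and words[:4] == ["ip", "source", "binding", "ip-address"]:
            table[iface]["bindings"].add((words[4], norm_mac(words[6])))
        elif words == ["quit"]:
            iface = None
    return table

def permits(table, iface, src_ip, src_mac):
    """Simplified model (assumption): forward only exact IP+MAC binding matches."""
    entry = table.get(iface)
    if entry is None or not entry["enabled"]:
        return True  # assumed: no source guard on the interface, nothing filtered
    return (src_ip, norm_mac(src_mac)) in entry["bindings"]

# Constructed sample frames for GigabitEthernet 2/1/2: (source IP, source MAC).
FRAMES = [
    ("192.168.0.3", "00:01:02:03:04:05"),  # matches the Host C binding
    ("192.168.0.1", "00:01:02:03:04:05"),  # bound MAC, unbound source IP
    ("192.168.0.3", "00:01:02:03:04:07"),  # bound IP, unbound source MAC
]

if __name__ == "__main__":
    t = parse_source_guard(DEVICE_A_CLI)
    print([permits(t, "gigabitethernet 2/1/2", ip, mac) for ip, mac in FRAMES])
```

Only the first frame is forwarded: with both ip-address and mac-address verified, a frame that matches the binding on one field alone is dropped.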