beautypg.com

Configuring the ipv4 source guard feature, Enabling ipv4 source guard on an interface – H3C Technologies H3C S6300 Series Switches User Manual

Page 328

background image

313

Tasks at a glance

(Required.)

Enabling IPv4 source guard on an interface

(Optional.)

Configuring a static IPv4 source guard binding entry

To configure IPv6 source guard, perform the following tasks:

Tasks at a glance

(Required.)

Enabling IPv6 source guard on an interface

(Optional.)

Configuring a static IPv6 source guard binding entry

Configuring the IPv4 source guard feature

Enabling IPv4 source guard on an interface

You must first enable the IPv4 source guard feature on an interface for the IP source guard to take effect.
All matching criteria in a static IPv4 source guard binding entry are used by IP source guard to filter

packets. For information about static binding entry configuration, see "

Configuring a static IPv4 source

guard binding entry

."

A dynamic IPv4 source guard binding entry can include MAC address, IPv4 address, VLAN tag, ingress

interface, and entry type. The entry type identifies the source module for the binding entry, such as DHCP

snooping and DHCP relay. Dynamic IP source guard uses the entries to filter incoming IPv4 packets

based on the matching criteria specified in the ip verify source command. If a match is found, the packet
is forwarded.
To implement dynamic IPv4 source guard, make sure the DHCP snooping or DHCP relay feature

operates correctly on the network.
To enable the IPv4 source guard feature on an interface:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter interface view.

interface interface-type
interface-number

Layer 2 Ethernet ports and VLAN
interfaces are supported.

3.

Enable the IPv4 source guard
feature.

ip verify source { ip-address |
ip-address mac-address |

mac-address }

By default, the feature is disabled
on an interface.
If you configure this command on
an interface multiple times, the

most recent configuration takes

effect.

Configuring a static IPv4 source guard binding entry

You can configure global and interface-specific static IPv4 source guard binding entries.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: