Dynamic Ip Source Guard Entries; Ip Source Guard Configuration Task List - HP 12500 Series Configuration Manual
Routing
Hide thumbs
Also See for 12500 Series:
- Configuration manual (402 pages) ,
- Network management and monitoring command reference (320 pages) ,
- Command reference manual (157 pages)
Table of Contents
A static IPv4 source guard entry filters IPv4 packets received by the port or checks the validity of users by
cooperating with the ARP detection feature. A static IPv6 source guard entry filters IPv6 packets received
by the port or checks the validity of users by cooperating with the ND detection feature.
For information about ARP detection, see
detection, see
The switch supports only port-based IPv4/IPv6 static binding entry.
A port-based static binding entry binds an IP address, MAC address, VLAN, or any combination of the
three with a port. Such an entry is effective on only the specified port. A port forwards a packet only
when the IP address, MAC address, and VLAN tag (if any) of the packet all match those in a static
binding entry on the port or a global static binding entry. All other packets will be dropped.
Port-based static binding entries are used to check the validity of users who are trying to access a port.
Dynamic IP source guard entries
Dynamic IP source guard entries are generated dynamically according to client entries on the DHCP
snooping or DHCP relay agent device. They are suitable for scenarios where many hosts reside in a LAN
and obtain IP addresses through DHCP. Once DHCP allocates an IP address to a client, IP source guard
automatically adds the client entry to allow the client to access the network. A user using an IP address
not obtained through DHCP cannot access the network. Dynamic IPv6 source guard entries can also be
obtained from client entries on the ND snooping device.
Dynamic IPv4 source guard entries are generated dynamically based on DHCP snooping or DHCP
•
relay entries to filter incoming IPv4 packets on a port.
•
Dynamic IPv6 source guard entries are generated dynamically based on DHCPv6 snooping or ND
snooping entries to filter incoming IPv6 packets on a port.
For information about DHCP snooping, DHCP relay, DHCPv6 snooping, and ND snooping, see Layer
3—IP Services Configuration Guide.
IP source guard configuration task list
Complete the following tasks to configure IPv4 source guard:
Task
Configuring IPv4 source guard on a port
Configuring a static IPv4 source guard entry
Setting the maximum number of IPv4 source guard entries
Complete the following tasks to configure IPv6 source guard:
Task
Configuring IPv6 source guard on a port
Configuring a static IPv6 source guard entry
Setting the maximum number of IPv6 source guard entries
"Configuring ND attack
"Configuring ARP attack
defense."
250
protection." For information about ND
Remarks
Required.
Optional.
Optional.
Remarks
Required.
Optional.
Optional.
Table of Contents
Troubleshooting
