Dynamic Ipv4 Source Binding Entries; Ip Source Guard Configuration Task List; Configuring The Ipv4 Source Guard Function; Enabling Ipv4 Source Guard On An Interface - HP 5920 Series Configuration Manual
Hide thumbs
Also See for 5920 Series:
- Command reference manual (607 pages) ,
- Configuration manual (424 pages) ,
- Fc and fcoe configuration manual (257 pages)
Table of Contents
Dynamic IPv4 source binding entries
IP source guard can automatically obtain user information from other modules to generate IPv4 binding
entries. On interfaces configured with the dynamic IPv4 source guard function, IP source guard
cooperates with different modules to generate IPv4 binding entries dynamically:
On an Ethernet port, IP source guard can cooperate with DHCP snooping, obtain the DHCP
•
snooping entries generated when hosts dynamically obtain IP addresses, and generate IPv4
binding entries accordingly to filter packets.
On a VLAN interface, IP source guard can cooperate with the DHCP relay agent, obtain the DHCP
•
relay entries generated when hosts obtain IP addresses across subnets, and generate IPv4 binding
entries accordingly to filter packets.
On a VLAN interface, IP source guard can also cooperate with the DHCP server. It generates
•
dynamic binding entries according to the user information recorded by the DHCP server during IP
address allocation. Such binding entries do not filter packets directly but help other modules (such
as the ARP detection module) to provide security services.
For information about DHCP snooping, DHCP relay, and DHCP server see Layer 3—IP Services
Configuration Guide.
IP source guard configuration task list
To configure IPv4 source guard, perform the following tasks:
Tasks at a glance
(Required.)
(Optional.)
To configure IPv6 source guard, perform the following tasks:
Tasks at a glance
(Required.)
(Optional.)
Configuring the IPv4 source guard function
You cannot configure the IPv4 source guard function on a service loopback interface. If IPv4 source
guard is enabled on an interface, you cannot assign the interface to a service loopback group.
Enabling IPv4 source guard on an interface
You must first enable the IPv4 source guard function on an interface before the interface can obtain
dynamic IPv4 binding entries and use static and dynamic IPv4 binding entries to filter packets or help
other modules to provide security services.
All the fields in a static IPv4 binding entry are used by IP source guard to filter packets. For information
about how to configure a static IPv4 binding entry, see
an
interface."
Enabling IPv4 source guard on an interface
Configuring a static IPv4 source guard entry on an interface
Enabling IPv6 source guard on an interface
Configuring a static IPv6 source guard entry on an interface
"Configuring a static IPv4 source guard entry on
192
Table of Contents
Troubleshooting
