Setting The Maximum Number Of Ipv4 Source Guard Entries Allowed On A Port; Configuring The Ipv6 Source Guard Function; Enabling Ipv6 Source Guard On A Port - HP 10500 Series Configuration Manual
Security configuration guide
Hide thumbs
Also See for 10500 Series:
- Security configuration manual (596 pages) ,
- Configuration manual (512 pages) ,
- Specifications (42 pages)
Table of Contents
Advertisement
Step
3.
Configure a static IPv4 source
guard entry on the port.
Setting the maximum number of IPv4 source guard entries
allowed on a port
The maximum number of IPv4 source guard entries is used to limit the total number of static and dynamic
IPv4 source guard entries on a port. When the number of IPv4 binding entries on a port reaches the
maximum, the port no longer allows new IPv4 binding entries.
If the maximum number of IPv4 binding entries to be configured is smaller than the number of existing
IPv4 binding entries on the port, the maximum number can be configured successfully, and the existing
entries are not affected. New IPv4 binding entries, however, cannot be added until the number of IPv4
binding entries on the port drops below the configured maximum.
To configure the maximum number of IPv4 binding entries allowed on a port:
Step
1.
Enter system view.
2.
Enter Layer 2 Ethernet
interface view.
3.
Configure the maximum
number of IPv4 binding
entries allowed on the port.
Configuring the IPv6 source guard function
You cannot enable IPv6 source guard on a link aggregation member port or a service loopback port. If
IPv6 source guard is enabled on a port, you cannot assign the port to a link aggregation group or a
service loopback group.
Enabling IPv6 source guard on a port
The IPv6 source guard function must be enabled on a port before the port can use static IPv6 source
guard entries to filter packets.
For information about how to configure a static IPv6 static binding entry, see
•
IPv6 source guard
To configure the IPv6 source guard function on a port:
Step
1.
Enter system view.
Command
ip source binding { ip-address
ip-address | ip-address ip-address
mac-address mac-address |
mac-address mac-address } [ vlan
vlan-id ]
Command
system-view
interface interface-type
interface-number
ip verify source max-entries
number
entry."
Command
system-view
240
Remarks
By default, no static IPv4 binding
entry is configured on a port.
IP source guard does not use the
VLAN information (if specified) in
static IPv4 binding entries to filter
packets.
Remarks
N/A
N/A
Optional.
By default, the maximum number is
256.
"Configuring a static
Remarks
N/A
Advertisement
Table of Contents
Troubleshooting
