455
Parameters
ip-address
: Binds source IPv4 addresses to the port.
ip-address mac-address
: Binds source IPv4 addresses and MAC addresses to the port.
mac-address
: Binds source MAC addresses to the port.
Usage guidelines
After you enable the IPv4 source guard function on a port, IPv4 source guard dynamically generates
IPv4 source guard entries based on the DHCP snooping entries or the DHCP-relay entries, and all
static IPv4 source guard entries on the port become effective.
The keywords specified in this command take effect only on dynamic IP source guard entries. When
using a static source guard entry, a port does not take the keywords into consideration.
You cannot configure IPv4 source guard on a link aggregation member port.
Examples
# Configure IPv4 source guard on Layer 2 port GigabitEthernet 3/0/1 to filter packets based on the
source IPv4 address and MAC address.
<Sysname> system-view
[Sysname] interface gigabitethernet 3/0/1
[Sysname-GigabitEthernet3/0/1] ip verify source ip-address mac-address
# Configure IPv4 source guard on VLAN-interface 100 to filter packets based on the source IPv4
address and MAC address.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ip verify source ip-address mac-address
Related commands
display ip source binding
ip verify source max-entries
Use
ip verify source max-entries
to set the maximum number of static and dynamic IPv4 source
guard entries on a port. When the number of IPv4 binding entries on a port reaches the maximum,
the port no longer allows new IPv4 binding entries.
Use
undo ip verify source max-entries
to cancel the upper limit on a port.
Syntax
ip verify source
max-entries
number
undo ip verify source
max-entries
Default
No limit is set to the number of IPv4 source guard entries on a port.
Views
Layer 2 Ethernet port view
Default command level
2: System level
Parameters
number
: Maximum number of IPv4 source guard entries allowed on a port, in the range of 0 to 256.