HP 6125G HP 6125G & 6125G/XG Blade Switches Security Command Reference - Page 258
ip verify source max-entries
View all HP 6125G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 258 highlights
By default, the IPv4 source guard function is disabled on a port. After you configure the IPv4 source guard function on a port, IPv4 source guard dynamically generates IPv4 source guard entries based on the DHCP snooping entries (on a Layer 2 Ethernet port) or the DHCP-relay entries (on a VLAN interface), and all static IPv4 source guard entries on the port become effective. You cannot configure the IPv4 source guard function on a port that is in an aggregation group or a service loopback group. Related commands: display ip source binding. Examples # Configure dynamic IPv4 binding on Layer 2 Ethernet port GigabitEthernet 1/0/1 to filter packets based on the source IPv4 address and MAC address. system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] ip verify source ip-address mac-address # Configure dynamic IPv4 binding on VLAN-interface 100 to filter packets based on the source IPv4 address and MAC address. system-view [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ip verify source ip-address mac-address ip verify source max-entries Syntax ip verify source max-entries number View undo ip verify source max-entries Layer 2 Ethernet interface view Default level 2: System level Parameters number: Maximum number of IPv4 source guard entries allowed on a port. The value is in the range of 0 to 512. Description Use ip verify source max-entries to set the maximum number of static and dynamic IPv4 source guard entries on a port. When the number of IPv4 binding entries on a port reaches the maximum, the port no longer allows new IPv4 binding entries. Use undo ip verify source max-entries to cancel the limit set on the number of IPv4 source guard entries. By default, the maximum number of IPv4 source guard entries allowed on a port is 512. If the maximum number of IPv4 binding entries to be configured is smaller than the number of existing IPv4 binding entries on the port, the maximum number can be configured successfully and the existing entries are not affected. New IPv4 binding entries, however, cannot be added any more unless the number of IPv4 binding entries on the port drops below the configured maximum. 249