HP 6125G & 6125G/XG Blade Switches Security Command Reference - Page 258

ip verify source max-entries

By default, the IPv4 source guard function is disabled on a port.

After you configure the IPv4 source guard function on a port, IPv4 source guard dynamically generates IPv4 source guard entries based on the DHCP snooping entries (on a Layer 2 Ethernet port) or the DHCP-relay entries (on a VLAN interface), and all static IPv4 source guard entries on the port become effective.

You cannot configure the IPv4 source guard function on a port that is in an aggregation group or a service loopback group.

Related commands: display ip source binding.

Examples

# Configure dynamic IPv4 binding on Layer 2 Ethernet port GigabitEthernet 1/0/1 to filter packets based on the source IPv4 address and MAC address.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ip verify source ip-address mac-address

# Configure dynamic IPv4 binding on VLAN-interface 100 to filter packets based on the source IPv4 address and MAC address.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ip verify source ip-address mac-address

ip verify source max-entries

Syntax

ip verify source max-entries number
undo ip verify source max-entries

View

Layer 2 Ethernet interface view

Default level

2: System level

Parameters

number: Maximum number of IPv4 source guard entries allowed on a port. The value is in the range of 0 to 512.

Description

Use ip verify source max-entries to set the maximum number of static and dynamic IPv4 source guard entries on a port. When the number of IPv4 binding entries on a port reaches the maximum, the port no longer allows new IPv4 binding entries.

Use undo ip verify source max-entries to cancel the limit set on the number of IPv4 source guard entries.

By default, the maximum number of IPv4 source guard entries allowed on a port is 512.

If the maximum number of IPv4 binding entries to be configured is smaller than the number of existing IPv4 binding entries on the port, the maximum number can be configured successfully and the existing entries are not affected. New IPv4 binding entries, however, cannot be added any more unless the number of IPv4 binding entries on the port drops below the configured maximum.
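
The entry-limit behaviour described above, modelled in Python as an added example (not HP code or switch software): it shows that lowering the limit below the current entry count keeps existing bindings but blocks new ones until the count drops below the maximum. The class and method names are hypothetical, the addresses are constructed samples, and treating undo as a return to the default of 512 is an assumption.

```python
# Added illustration: toy model of one port's IPv4 source guard table.
# PortSourceGuard and its method names are hypothetical, not switch software.
DEFAULT_MAX = 512  # default per-port limit stated in the reference


class PortSourceGuard:
    def __init__(self):
        self.max_entries = DEFAULT_MAX
        self.bindings = set()  # (ip, mac) pairs, static or dynamic

    def set_max_entries(self, number):
        """Model of 'ip verify source max-entries number'."""
        if not 0 <= number <= 512:
            raise ValueError("number must be in the range 0 to 512")
        # Lowering the limit below the current count succeeds; entries stay.
        self.max_entries = number

    def undo_max_entries(self):
        """Assumption: cancelling the limit restores the default of 512."""
        self.max_entries = DEFAULT_MAX

    def add_binding(self, ip, mac):
        """Return True if the entry is installed, False if the port is full."""
        key = (ip, mac.lower())
        if key not in self.bindings and len(self.bindings) >= self.max_entries:
            return False
        self.bindings.add(key)
        return True

    def remove_binding(self, ip, mac):
        self.bindings.discard((ip, mac.lower()))

    def permits(self, src_ip, src_mac):
        """Filter on source IPv4 address and MAC address together."""
        return (src_ip, src_mac.lower()) in self.bindings


def demo():
    port = PortSourceGuard()
    for i in range(1, 4):  # constructed sample bindings
        port.add_binding(f"192.0.2.{i}", f"00-00-5E-00-53-0{i}")
    port.set_max_entries(2)  # below the 3 existing entries
    kept = len(port.bindings)
    full = port.add_binding("192.0.2.9", "00-00-5E-00-53-09")
    port.remove_binding("192.0.2.1", "00-00-5E-00-53-01")  # count 2 == max
    still_full = port.add_binding("192.0.2.9", "00-00-5E-00-53-09")
    port.remove_binding("192.0.2.2", "00-00-5E-00-53-02")  # count 1 < max
    added = port.add_binding("192.0.2.9", "00-00-5E-00-53-09")
    spoof = port.permits("192.0.2.3", "00-00-5E-00-53-09")  # right IP, wrong MAC
    return kept, full, still_full, added, spoof
```

When sizing the limit for a port, count static entries together with the dynamic ones derived from DHCP snooping or DHCP relay, because both draw on the same per-port maximum.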