v
Enabling IPv4 source guard on an interface ···································································································· 162
Configuring a static IPv4 source guard binding entry on an interface ························································· 163
Configuring the IPv6 source guard function
·············································································································· 164
Enabling IPv6 source guard on an interface ···································································································· 164
Configuring a static IPv6 source guard binding entry on an interface ························································· 164
Displaying and maintaining IP source guard ············································································································ 165
Static IPv4 source guard configuration example ······································································································ 165
Dynamic IPv4 source guard using DHCP snooping configuration example·························································· 167
Dynamic IPv4 source guard using DHCP relay configuration example ································································· 169
Static IPv6 source guard configuration example ······································································································ 170
Configuring ARP attack protection························································································································· 171
ARP attack protection configuration task list ············································································································· 171
Configuring unresolvable IP attack protection ·········································································································· 171
Configuring ARP source suppression ················································································································ 172
Enabling ARP black hole routing ······················································································································· 172
Displaying and maintaining unresolvable IP attack protection ······································································ 172
Configuration example ······································································································································· 172
Configuring ARP packet rate limit ······························································································································ 173
Configuration guidelines ···································································································································· 174
Configuration procedure ···································································································································· 174
Configuring source MAC-based ARP attack detection ···························································································· 174
Configuration procedure ···································································································································· 174
Displaying and maintaining source MAC-based ARP attack detection························································· 175
Configuration example ······································································································································· 175
Configuring ARP packet source MAC consistency check ························································································ 177
Configuring ARP active acknowledgement ··············································································································· 177
Configuring ARP detection ·········································································································································· 177
Configuring user validity check ························································································································· 177
Configuring ARP packet validity check ············································································································· 178
Configuring ARP restricted forwarding ············································································································· 179
Displaying and maintaining ARP detection ······································································································ 179
User validity check and ARP packet validity check configuration example·················································· 180
Configuring ARP automatic scanning and fixed ARP······························································································· 181
Configuration guidelines ···································································································································· 181
Configuration procedure ···································································································································· 182
Configuring ARP gateway protection ························································································································ 182
Configuration guidelines ···································································································································· 182
Configuration procedure ···································································································································· 182
Configuration example ······································································································································· 183
Configuring ARP filtering
············································································································································· 183
Configuration guidelines ···································································································································· 183
Configuration procedure ···································································································································· 184
Configuration example ······································································································································· 184
Configuring uRPF····················································································································································· 186
uRPF check modes
························································································································································ 186
uRPF operation ····························································································································································· 186
Network application ···················································································································································· 189
Configuration procedure ············································································································································· 189
Displaying and maintaining uRPF ······························································································································ 190
Configuration example ················································································································································ 190
Network requirements········································································································································· 190
Configuration procedure ···································································································································· 190