IP source guard commands
ip verify source
Use ip verify source to enable the IPSG feature for IPv4.
Use undo ip verify source to disable the IPSG feature for IPv4.
Syntax
ip verify source
undo ip verify source
Default
The IPSG feature is disabled for IPv4.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
This feature uses WLAN snooping entries to filter IPv4 packets received by an AP. It drops packets that do not match the entries. A WLAN snooping entry is an IP-MAC binding.
In an IPv4 network, IPSG uses only the WLAN snooping entries obtained through DHCP packets.
Examples
# Enable the IPSG feature for IPv4.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] ip verify source
ip verify unknown-ip
Use ip verify unknown-ip to configure the processing method for packets from unknown source IPv4 addresses received by APs.
Use undo ip verify unknown-ip to restore the default.
Syntax
ip verify unknown-ip { deauthenticate | drop }
undo ip verify unknown-ip
Default
An AP drops packets from unknown source IPv4 addresses and sends deauthentication frames to the sources.
Views
Service template view
Predefined user roles
network-admin
mdc-admin
Parameters
deauthenticate: Drops packets from unknown source IPv4 addresses and sends deauthentication frames to the sources.
drop: Drops packets from unknown source IPv4 addresses only.
Usage guidelines
Unknown source IPv4 addresses refer to the following addresses:
· IPv4 addresses learned from ARP packets that are intercepted by APs.
· IPv4 addresses that have not been learned by APs.
This command is configurable only when the service template is disabled.
This command takes effect only when the IPSG feature is enabled for IPv4.
Examples
# Configure APs to drop packets from unknown source IPv4 addresses.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] ip verify unknown-ip drop
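The filtering decision described for ip verify source and ip verify unknown-ip, modelled in Python as an added example (not vendor code or device output). The entry table, addresses and function names are constructed for illustration. Dropping without deauthentication when a DHCP-learned address is used from a different MAC is an assumption, since the page only says that non-matching packets are dropped.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SnoopEntry:          # a WLAN snooping entry is an IP-MAC binding
    ip: str
    mac: str
    learned_via: str       # "dhcp" or "arp": how the AP learned the binding

def ipsg_verdict(entries, src_ip, src_mac, enabled=True, unknown_ip="deauthenticate"):
    """Return the actions an AP takes for one IPv4 packet from a client."""
    if unknown_ip not in ("deauthenticate", "drop"):
        raise ValueError("unknown_ip must be 'deauthenticate' or 'drop'")
    if not enabled:
        # ip verify unknown-ip takes effect only when IPSG is enabled for IPv4.
        return ("forward",)
    # For IPv4, IPSG uses only the entries obtained through DHCP packets.
    dhcp = {e.ip: e.mac.lower() for e in entries if e.learned_via == "dhcp"}
    if dhcp.get(src_ip) == src_mac.lower():
        return ("forward",)
    if src_ip in dhcp:
        # Assumption: the address is known but bound to another MAC, so the
        # packet fails the match and is dropped; no deauthentication is modelled.
        return ("drop",)
    # Unknown source: learned only from intercepted ARP, or never learned.
    if unknown_ip == "deauthenticate":
        return ("drop", "deauthenticate")
    return ("drop",)

# Constructed sample table (documentation addresses, locally administered MACs).
ENTRIES = [
    SnoopEntry("192.0.2.10", "02:00:00:00:00:0a", "dhcp"),
    SnoopEntry("192.0.2.20", "02:00:00:00:00:14", "arp"),
]

# Constructed sample packets: (source IP, source MAC).
PACKETS = [
    ("192.0.2.10", "02:00:00:00:00:0A"),   # matches the DHCP binding
    ("192.0.2.10", "02:00:00:00:00:ff"),   # DHCP-learned IP, wrong MAC
    ("192.0.2.20", "02:00:00:00:00:14"),   # binding learned from ARP only
    ("192.0.2.99", "02:00:00:00:00:63"),   # never learned
]

if __name__ == "__main__":
    for mode in ("deauthenticate", "drop"):
        for ip, mac in PACKETS:
            print(mode, ip, mac, ipsg_verdict(ENTRIES, ip, mac, unknown_ip=mode))
```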
ipv6 verify source
Use ipv6 verify source to enable the IPSG feature for IPv6.
Use undo ipv6 verify source to disable the IPSG feature for IPv6.
Syntax
ipv6 verify source
undo ipv6 verify source
Default
The IPSG feature is disabled for IPv6.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
This feature uses WLAN snooping entries to filter IPv6 packets received by an AP. It drops packets that do not match the entries. A WLAN snooping entry is an IP-MAC binding.
Examples
# Enable the IPSG feature for IPv6.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] ipv6 verify source