- Table of Contents
-
- 12-Security Command Reference
- 00-Preface
- 01-DAE proxy commands
- 02-Password control commands
- 03-Keychain commands
- 04-Public key management commands
- 05-PKI commands
- 06-IPsec commands
- 07-SSH commands
- 08-SSL commands
- 09-Session management commands
- 10-Object group commands
- 11-Attack detection and prevention commands
- 12-IP-based attack prevention commands
- 13-IP source guard commands
- 14-ARP attack protection commands
- 15-ND attack defense commands
- 16-uRPF commands
- 17-SAVA commands
- 18-SAVNET commands
- 19-Crypto engine commands
- 20-Trust level commands
- Related Documents
-
Title | Size | Download |
---|---|---|
13-IP source guard commands | 62.17 KB |
IP source guard commands
display ip source binding
Use display ip source binding to display IPv4SG bindings.
Syntax
display ip source binding [ static | [ vpn-instance vpn-instance-name ] [ dhcp-relay | dhcp-server ] ] [ ip-address ip-address ] [ mac-address mac-address ] [ vlan vlan-id ] [ interface interface-type interface-number ] [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
static: Displays static IPv4SG bindings.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. To display dynamic IPv4SG bindings for the public network, do not specify a VPN instance.
dhcp-relay: Specifies the DHCP relay agent module.
dhcp-server: Specifies the DHCP server module.
ip-address ip-address: Specifies an IPv4 address.
mac-address mac-address: Specifies a MAC address in H-H-H format.
vlan vlan-id: Specifies a VLAN ID in the range of 1 to 4094.
interface interface-type interface-number: Specifies an interface by its type and number.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays IPv4SG bindings on the active MPU.
Examples
# Display all IPSG bindings on the public network.
<Sysname> display ip source binding
Total entries found: 5
IP Address MAC Address Interface VLAN Type
10.1.0.8 040a-0000-1000 XGE3/0/2 N/A DHCP relay
10.1.0.9 040a-0000-2000 XGE3/0/2 N/A Static
Table 1 Command output
Field |
Description |
Total entries found |
Total number of IPv4SG bindings. |
IP Address |
IPv4 address in the IPv4SG binding. If no IP address is bound in the binding, this field displays N/A. |
MAC Address |
MAC address in the IPv4SG binding. If no MAC address is bound in the binding, this field displays N/A. |
Interface |
Interface of the binding. This field displays N/A for a global IPv4SG binding. |
VLAN |
VLAN information in the IPv4SG binding. If the binding contains no VLAN information, this field displays N/A. |
Type |
IPSG binding type: · Static—Manually configured by using the ip source binding command. Static bindings are for packet filtering in IPSG. · DHCP relay—Dynamically generated based on DHCP relay agent. The binding is for packet filtering in IPSG. · DHCP server—Dynamically generated based on DHCP server. The binding is used by other modules to provide security services. |
Related commands
ip source binding
ip verify source
ip source binding (interface view)
Use ip source binding to configure a static IPv4SG binding on an interface.
Use undo ip source binding to delete the static IPv4SG bindings configured on an interface.
Syntax
ip source binding ip-address ip-address mac-address mac-address
undo ip source binding { all | ip-address ip-address mac-address mac-address }
Default
No static IPv4SG bindings exist on an interface.
Views
Layer 3 Ethernet interface view
Layer 3 Ethernet subinterface view
VLAN interface view
Predefined user roles
network-admin
Parameters
all: Removes all static IPv4SG bindings on the interface.
ip-address ip-address: Specifies an IPv4 address for the static binding. The IPv4 address must be a class A, B, or C address, and cannot be 127.x.x.x or 0.0.0.0.
mac-address mac-address: Specifies a MAC address for the static binding. The MAC address must be in H-H-H format, and cannot be all 0s or all Fs (a broadcast MAC address).
Usage guidelines
Static IPv4SG bindings on an interface filter incoming IPv4 packets on the interface.
Examples
# Configure a static IPv4SG binding on Ten-GigabitEthernet 3/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/0/1
[Sysname-Ten-GigabitEthernet3/0/1] ip source binding ip-address 192.168.0.1 mac-address 0001-0001-0001
Related commands
display ip source binding
ip verify source
Use ip verify source to enable IPv4SG on an interface.
Use undo ip verify source to disable IPv4SG on an interface.
Syntax
ip verify source ip-address mac-address
undo ip verify source
Default
The IPv4SG feature is disabled on an interface.
Views
Layer 3 Ethernet interface view
Layer 3 Ethernet subinterface view
Layer 3 aggregate interface view
Layer 3 aggregate subinterface view
VLAN interface view
Predefined user roles
network-admin
Parameters
ip-address mac-address: Filters incoming packets by source IPv4 addresses and source MAC addresses.
Usage guidelines
After you enable IPv4SG on an interface, this feature uses static and dynamic IPv4SG bindings to match incoming packets on the interface. Packets that match an IPv4SG binding are forwarded and packets that do not match any IPv4SG binding are discarded.
The matching criterion specified by this command applies only to dynamic IPSG. Static IPv4SG uses static bindings configured by using the ip source binding command.
If you execute this command on an interface multiple times, the most recent configuration takes effect.
Examples
# Enable IPv4SG on Layer 3 Ethernet interface Ten-GigabitEthernet 3/0/2 and verify the source IPv4 address and MAC address for dynamic IPSG.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/0/2
[Sysname-Ten-GigabitEthernet3/0/2] ip verify source ip-address mac-address
Related commands
display ip source binding