Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 03-WLAN SAVI commands | 60.97 KB |
Contents
WLAN SAVI commands
display ip source binding
Use display ip source binding to display WLAN SAVI IPv4SG bindings.
Syntax
display ip source binding [ wlan-snooping ] [ ip-address ip-address ] [ mac-address mac-address ] [ vlan vlan-id ] [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
wlan-snooping: Specifies IPv4SG bindings generated based on WLAN snooping. If you do not specify this keyword, this command displays IPv4SG bindings generated based on WLAN IP snooping and IP source guard.
ip-address ip-address: Specifies an IPv4 address.
mac-address mac-address: Specifies a MAC address in H-H-H format.
vlan vlan-id: Specifies a VLAN ID in the range of 1 to 4094.
slot slot-number: Specifies a cloud clusterr member device by its member ID. If you do not specify a member device, this command displays WLAN SAVI IPv4SG bindings for the master device.
Examples
# Display all WLAN snooping IPv4SG bindings.
<Sysname> display ip source binding wlan snooping
Total entries found: 2
IP Address MAC Address Interface VLAN Type
10.1.0.5 040a-0000-4000 WLAN-BSS1/0/1 1 WLAN snooping
10.1.0.6 040a-0000-3000 WLAN-BSS1/0/2 1 WLAN snooping
Table 1 Command output
|
Field |
Description |
|
Total entries found |
Total number of IPv4SG bindings. |
|
IP Address |
IPv4 address in the IPv4SG binding. If no IP address is bound in the binding, this field displays N/A. |
|
MAC Address |
MAC address in the IPv4SG binding. If no MAC address is bound in the binding, this field displays N/A. |
|
Interface |
Interface of the binding. This field displays N/A for a global IPv4SG binding. |
|
VLAN |
VLAN information in the IPv4SG binding. If the binding contains no VLAN information, this field displays N/A. |
|
Type |
IPSG binding type, which is WLAN snooping. The bindings are dynamically generated based on WLAN snooping. The binding is used by other modules to provide security services. |
Related commands
ip verify source
display ipv6 source binding
Use display ipv6 source binding to display WLAN SAVI IPv6SG bindings.
Syntax
display ipv6 source binding [ wlan-snooping ] [ ip-address ipv6-address ] [ mac-address mac-address ] [ vlan vlan-id ] [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
wlan-snooping: Specifies IPv6SG bindings generated based on WLAN snooping. If you do not specify this keyword, this command displays IPv6SG bindings generated based on WLAN IP snooping and IP source guard.
ip-address ipv6-address: Specifies an IPv6 address.
mac-address mac-address: Specifies a MAC address in H-H-H format.
vlan vlan-id: Specifies a VLAN ID in the range of 1 to 4094.
interface interface-type interface-number: Specifies an interface by its type and number.
slot slot-number: Specifies a cloud clusterr member device by its member ID. If you do not specify a member device, this command displays WLAN SAVI IPv6SG bindings for the master device.
Examples
# Display all WLAN snooping IPv6SG bindings.
<Sysname> display ipv6 source binding wlan-snooping
Total entries found: 1
IPv6 Address MAC Address Interface VLAN Type
2012:1222:2012:1222: 000f-2202-0435 WLAN-BSS1/0/1 1 WLAN snooping
2012:1222:2012:1222
Table 2 Command output
|
Field |
Description |
|
Total entries found |
Total number of IPv6SG bindings. |
|
IPv6 Address |
IPv6 address in the IPv6SG binding. If no IPv6 address is bound in the binding, this field displays N/A. |
|
MAC Address |
MAC address in the IPv6SG binding. If no MAC address is bound in the binding, this field displays N/A. |
|
Interface |
Interface of the IPv6SG binding. This field displays N/A for a global IPv6SG binding. |
|
VLAN |
VLAN information in the IPv6SG binding. If the binding contains no VLAN information, this field displays N/A. |
|
Type |
Type of the IPv6SG binding, which is WLAN snooping. The bindings are dynamically generated based on WLAN snooping. The binding is used by other modules to provide security services. |
Related commands
ipv6 verify source
ip verify source
Use ip verify source to enable the IPSG feature for IPv4.
Use undo ip verify source to disable the IPSG feature for IPv4.
Syntax
ip verify source [ alarm-only ]
undo ip verify source
Default
The IPSG feature is disabled for IPv4.
Views
WLAN service template view
Predefined user roles
network-admin
Parameters
alarm-only: Represents that the IPSG feature for IPv4 only generates alarms but does not block traffic.
Usage guidelines
This feature uses WLAN snooping entries to filter IPv4 packets received by an AP. It drops packets that do not match the entries. A WLAN snooping entry is an IP-MAC binding.
In an IPv4 network, IPSG uses only the WLAN snooping entries obtained through DHCP packets.
Examples
# Enable the IPSG feature for IPv4.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] ip verify source
ipv6 verify source
Use ipv6 verify source to enable the IPSG feature for IPv6.
Use undo ipv6 verify source to disable the IPSG feature for IPv6.
Syntax
ipv6 verify source [ alarm-only ]
undo ipv6 verify source
Default
The IPSG feature is disabled for IPv6.
Views
WLAN service template view
Predefined user roles
network-admin
Parameters
alarm-only: Represents that the IPSG feature for IPv6 only generates alarms but does not block traffic.
Usage guidelines
This feature uses WLAN snooping entries to filter IPv6 packets received by an AP. It drops packets that do not match the entries. A WLAN snooping entry is an IP-MAC binding.
Examples
# Enable the IPSG feature for IPv6.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] ipv6 verify source