Static IP source guard binding entries

Static IP source guard binding entries are configured manually. They are suitable for scenarios where several hosts exist on a LAN and their IP addresses are manually configured. For example, you can configure a static IP source guard binding entry on an interface that connects to a server. This binding entry allows the interface to receive packets only from the server.

A static IPv4 source guard binding entry filters incoming IPv4 packets on the interface or cooperates with ARP detection to check the validity of users. A static IPv6 source guard binding entry filters incoming IPv6 packets on the interface or cooperates with the ND detection feature to check the validity of users.

For information about ARP detection, see "Configuring ARP attack protection." For information about ND detection, see "Configuring ND attack defense."

Static IP source guard binding entries can be global or interface-specific.

• Global static binding entry—Binds the IP address and MAC address in system view. The binding entry takes effect on all interfaces to filter packets for user spoofing attack prevention.

• Interface-specific static binding entry—Binds the IP address, MAC address, or the combination of the items in interface view. The binding entry takes effect only on the interface to check the validity of users who are attempting to access the interface.