ip verify source

Syntax

ip verify source { ip-address | ip-address mac-address | mac-address }

undo ip verify source

View

Layer 2 Ethernet interface view

Default level

2: System level

Parameters

ip-address: Binds source IPv4 addresses to the port.

ip-address mac-address: Binds source IPv4 addresses and MAC addresses to the port.

mac-address: Binds source MAC addresses to the port.

Description

Use ip verify source to enable the IPv4 source guard function on a port and specify the elements to be included in the port’s dynamic binding entries.

Use undo ip verify source to restore the default.

By default, the IPv4 source guard function is disabled on a port.

After you configure the IPv4 source guard function on a port, IPv4 source guard dynamically generates IPv4 source guard entries based on the DHCP snooping entries (on a Layer 2 Ethernet port) or the DHCP-relay entries (on a VLAN interface), and all static IPv4 source guard entries on the port become effective.

You cannot configure the IPv4 source guard function on a port that is in an aggregation group.

Related commands: display ip source binding.

Examples

# Configure dynamic IPv4 binding on Layer 2 Ethernet port Ethernet 1/0/1 to filter packets based on the source IPv4 address and MAC address.

<Sysname> system-view
[Sysname] interface ethernet 1/0/1
[Sysname-Ethernet1/0/1] ip verify source ip-address mac-address