Configuring a static IPv6 source guard entry
Static IPv6 binding entries take effect only on ports configured with the IPv6 source guard function (see "Configuring the IPv6 source guard function").
Port-based static IPv6 source guard entries and dynamic IPv6 source guard entries take precedence over global static IPv6 source guard entries. A port matches a packet against global static binding entries only when the packet does not match any port-based static binding entry or dynamic binding entry on the port.
Configuring global static IPv6 binding entries
A global static IPv6 binding entry defines the IPv6 address and MAC address of the packets that can be forwarded by ports. It takes effect on all ports of the device.
To configure a global static IPv6 binding entry:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Configure a global static IPv6 binding entry. | ipv6 source binding ipv6-address ipv6-address mac-address mac-address | No global static IPv6 binding entry is configured by default. |
Configuring port-based static IPv6 binding entries
Follow these guidelines to configure port-based static IPv6 source guard entries:
You cannot configure the same static binding entry on one port, but you can configure the same static binding entry on different ports.
In an IPv6 source guard entry, the MAC address cannot be all 0s, all Fs (a broadcast MAC address), or a multicast address. The IPv6 address must be a unicast address and cannot be all 0s, all Fs, or a loopback address.
When the ND detection function is configured, be sure to specify the VLAN where ND detection is configured in static IPv6 binding entries. Otherwise, ND packets are discarded because they cannot match any static IPv6 binding entry.
To configure a static IPv6 source guard entry on a port:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 Ethernet interface view. | interface interface-type interface-number | N/A |
3. Configure a static IPv6 binding entry on a port. | ipv6 source binding { ipv6-address ipv6-address | ipv6-address ipv6-address mac-address mac-address | mac-address mac-address } [ vlan vlan-id ] | By default, no static IPv6 binding entry is configured on a port. IP source guard does not use the VLAN information (if specified) in static IPv6 binding entries to filter packets. |
NOTE: If a static binding entry to be added denotes the same binding as an existing dynamic binding entry, the new static binding entry overwrites the dynamic binding entry. | ||