The set ip-source-guard enable command enables or disables the IP source guard function based on the ingress interface and VLAN of the packet.
The delete ip-source-guard enable command deletes the configuration.
Command Syntax
set ip-source-guard interface <interface-name> vlan <vlan-id> enable <true | false>
delete ip-source-guard interface <interface-name> vlan <vlan-id> enable
Parameter
Parameter | Description |
interface <interface-name> | Specifies an ingress interface name. The value is a physical port or a LAG port, such as ge-1/1/1, te-1/1/2, ae1. Note: IP source guard can be enabled on a physical interface or a Link Aggregation Group (LAG) interface but cannot be enabled on the member interfaces of a LAG. |
vlan <vlan-id> | Specifies a VLAN ID. The value is an integer that ranges from 1 to 4094. |
enable <true | false> | Enables or disables the IP source guard function. The value can be true or false. By default, the IP source guard function is disabled. |
Usage Guidelines
IP source guard should be enabled based on specific interfaces and VLANs. When IP source guard is enabled based on a specific interface and VLAN, all packets from that interface and VLAN will be dropped except those that match entries in the IP source guard binding table.
Packets received from interfaces or VLANs that do not have IP source guard enabled will not be checked by the IP source guard module and will be processed as normal.
Example
Enable IP source guard on interface ge-1/1/3 and VLAN 20.
admin@PICOS# set ip-source-guard interface ge-1/1/3 vlan 20 enable true
admin@PICOS# commit
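The usage guidelines above imply that any source without a binding is cut off as soon as the guard is committed for its interface and VLAN. The following is an added example, not PICOS code, that models that decision as a pre-change check listing the sources that would be dropped. The function names, the sample data, and the assumption that a binding matches on interface, VLAN, source IP and source MAC are illustrative and do not come from the page.

```python
from typing import NamedTuple

class Flow(NamedTuple):
    interface: str
    vlan: int
    ip: str
    mac: str

def _key(f):
    # Assumption: a binding matches on interface, VLAN, source IP and source MAC.
    return (f.interface, f.vlan, f.ip, f.mac.lower())

def check_scope(interface, vlan, lag_members=frozenset()):
    """Reject scopes the parameter table disallows."""
    if not 1 <= vlan <= 4094:
        raise ValueError(f"VLAN {vlan} is outside 1-4094")
    if interface in lag_members:
        raise ValueError(f"{interface} is a LAG member; use the LAG interface")

def verdict(flow, enabled, bindings):
    """Model the documented behaviour for one source seen on the wire."""
    if (flow.interface, flow.vlan) not in enabled:
        return "unchecked"  # guard not enabled here: processed as normal
    bound = {_key(b) for b in bindings}
    return "forward" if _key(flow) in bound else "drop"

def would_drop(observed, enabled, bindings):
    """Sources that lose connectivity once `enabled` is committed."""
    for interface, vlan in enabled:
        check_scope(interface, vlan)
    return [f for f in observed if verdict(f, enabled, bindings) == "drop"]

# Constructed sample data (not taken from a real switch).
BINDINGS = [Flow("ge-1/1/3", 20, "10.0.20.10", "00:11:22:33:44:55")]
OBSERVED = [
    Flow("ge-1/1/3", 20, "10.0.20.10", "00:11:22:33:44:55"),  # bound
    Flow("ge-1/1/3", 20, "10.0.20.99", "00:11:22:33:44:66"),  # no binding
    Flow("ge-1/1/3", 30, "10.0.30.5", "00:11:22:33:44:77"),   # other VLAN
    Flow("ge-1/1/4", 20, "10.0.20.7", "00:11:22:33:44:88"),   # other port
]
ENABLED = {("ge-1/1/3", 20)}  # the scope from the Example section

if __name__ == "__main__":
    for f in would_drop(OBSERVED, ENABLED, BINDINGS):
        print("would be dropped:", f)
```

An empty result from would_drop means every source observed in the guarded scope already has a binding.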