Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

The set ipv6-source-guard binding ip command configures a static IPv6 source guard binding entry.

The delete ipv6-source-guard binding ip command deletes the configuration.

Command Syntax

set ipv6-source-guard binding ip <ip_address> mac <mac-address> interface <interface-name> vlan <vlan-id>

delete ipv6-source-guard binding ip<ip_address> [mac <mac-address> interface<interface-name>vlan <vlan-id>]

Parameter

Parameter

Description

ip <ip_address>

Specifies a source IPv6 address for the static binding entry. The IPv6 address should be an unicast address.

mac <mac-address>

Specifies a source MAC address for the static binding entry. The value is in the format of H:H:H:H:H:H. An H contains 2 hexadecimal numbers, and cannot be all 0s, all Fs (a broadcast address), or a multicast address.

interface <interface-name>

Specifies ingress interface name for the static binding entry. The value is a physical port or a LAG port, such as ge-1/1/1, te-1/1/2, ae1.

Note:

IP source guard be enabled on a physical interface or a Link Aggregation Group (LAG) interface but cannot be enabled on the member interfaces of a LAG.

vlan <vlan-id>

Specifies the VLAN ID. The value is an integer that ranges from 1 to 4094.

Usage Guidelines

In IPv6 Source Guard, static binding entries involve manually associating IP addresses with specific interfaces on a network device. IPv6 Source Guard allows only traffic with matching source IP addresses and source MAC addresses to pass through the specified interface, thereby enhancing network security by preventing IP address spoofing attacks.

NOTE:

In the following example, a static IPv6 source guard binding entry is configured on the device. When attempting to delete this entry, an error occurs.

set ipv6-source-guard binding ip 100::6 mac 00:00:00:00:00:01 interface ge-1/1/1 vlan 10

admin@PICOS# delete ipv6-source-guard binding ip 100::6 mac 00:00:00:00:00:01 interface ge-1/1/1 vlan 10
Deleting:
  10
OK
admin@PICOS# commit
IPSG6: vlan is required for ip 100::6, mac 00:00:00:00:00:01, interface ge-1/1/1
Commit failed.

admin@PICOS# delete ip-source-guard binding ip 100::6 mac 00:00:00:00:00:01
Deleting:
    00:00:00:00:00:01 {
                 interface "ge-1/1/1" {
                     vlan 10
        }
    }       
OK
admin@PICOS# commit
IPSG6: mac is required for ip 100::6
Commit failed.

This is typically caused by the following two reasons:

  • Due to the hierarchy structure design of PICOS CLI, when performing a deletion operation, the specified level and all its subordinate levels (i.e., the parameters and subsequent parameters in the command line) will be deleted, while the upper-level hierarchy (i.e., the parameters before the command line) will not be deleted.

  • In the configuration of a static IP source guard binding entry, the command set ipv6-source-guard binding ip <ip_address> mac <mac-address> interface <interface-name> vlan <vlan-id> requires all four parameters: IP address, MAC address, interface name, and VLAN ID, to be configured.

For this type of deletion error, you can complete the deletion configuration by removing the first hierarchy level ipv6-source-guard binding ip.

admin@PICOS# delete ipv6-source-guard binding ip 100::6
Deleting:
    100::6 {
        mac 00:00:00:00:00:01 {
            interface "ge-1/1/1" {
                vlan 10
            }
        }
    }
OK

admin@PICOS# commit
Commit OK.
Save done.

Example

  • Configure a static IPv6 source guard binding entry manually.

admin@PICOS# set ipv6-source-guard binding ip 100::6 mac 22:22:22:11:11:11 interface ge-1/1/3 vlan 40
admin@PICOS# commit
  • No labels