set ipv6-source-guard enable

The set ipv6-source-guard enable command can be used to enable or disable IPv6 source guard function based on ingress interface and VLAN of the packet.

The delete ipv6-source-guard enable command deletes the configuration.

Command Syntax

set ipv6-source-guard interface <interface-name> vlan <vlan-id> enable <true | false>

delete ipv6-source-guard interface <interface-name> vlan <vlan-id> enable

Parameter

Parameter	Description
interface <interface-name>	Specifies an ingress interface name. The value is a physical port or a LAG port, such as ge-1/1/1, te-1/1/2, ae1. Note: IPv6 source guard be enabled on a physical interface or a Link Aggregation Group (LAG) interface but cannot be enabled on the member interfaces of a LAG.
vlan <vlan-id>	Specifies a VLAN ID. The value is an integer that ranges from 1 to 4094. For IPv6 source guard static binding table, specifies the VLAN ID manually configured in IPv6 source guard static binding table. For IPv6 source guard dynamic binding table, specifies the VLAN ID enabled DHCPv6 snooping.
enable <true \| false>	Enable or disable IPv6 source guard function. The value could be true or false. true: Enable IPv6 source guard function. false: Disable IPv6 source guard function. By default, IPv6 source guard function is disabled.

Usage Guidelines

IPv6 source guard should be enabled based on specific interfaces and VLANs. When IPv6 source guard is enabled based on a specific interface and VLAN, all packets from that interface and VLAN will be dropped except those that match entries in the IPv6 source guard binding table.

Packets received from interfaces or VLANs that do not have IPv6 source guard enabled will not be checked by the IPv6 source guard module and will be processed as normal.

Example

Enable IPv6 source guard on interface ge-1/1/3 and VLAN 20.

admin@PICOS# set ipv6-source-guard interface ge-1/1/3 vlan 20 enable true
admin@PICOS# commit