set ip-source-guard verify

The set ip-source-guard verify command configures IP source guard filtering item based on specific interface and VLAN.

The delete ip-source-guard verify command deletes the configuration.

 

Command Syntax

set ip-source-guard interface <interface-name> vlan <vlan-id> verify <ip | ip+mac>

delete ip-source-guard interface <interface-name> vlan <vlan-id> verify

 

Parameter

Parameter

Description

interface <interface-name>

Specifies an ingress interface name. The value is a physical port or a LAG port, such as ge-1/1/1, te-1/1/2, ae1.

Note:

IP source guard be enabled on a physical interface or a Link Aggregation Group (LAG) interface but cannot be enabled on the member interfaces of a LAG.

vlan <vlan-id>

Specifies a VLAN ID. The value is an integer that ranges from 1 to 4094.

  • For IP source guard static binding table, specifies the VLAN ID manually configured in IP source guard static binding table.

  • For IP source guard dynamic binding table, specifies the VLAN ID enabled DHCP snooping.

verify <ip | ip+mac>

Specifies the filtering item based on specific interface and VLAN. The value could be ip or ip+mac.

  • When “ip” is specified, enables IP Source Guard with interface + VLAN + Source IP filtering.

  • When “ip+mac” is specified, enables IP Source Guard with interface + VLAN + Source IP + Source MAC address filtering.

The default value is ip, IP Source Guard filtering item is interface + VLAN + Source IP.

 

Example

  • Configure IP source guard filtering item based on specific interface and VLAN.

admin@PICOS# set ip-source-guard interface te-1/1/3 vlan 20 verify ip+mac admin@PICOS# commit

Copyright © 2024 Pica8 Inc. All Rights Reserved.