set ip-source-guard enable

The set ip-source-guard enable command can be used to enable or disable IP source guard function based on ingress interface and VLAN of the packet.

The delete ip-source-guard enable command deletes the configuration.

 

Command Syntax

set ip-source-guard interface <interface-name> vlan <vlan-id> enable <true | false>

delete ip-source-guard interface <interface-name> vlan <vlan-id> enable

 

Parameter

Parameter

Description

interface <interface-name>

Specifies an ingress interface name. The value is a physical port or a LAG port, such as ge-1/1/1, te-1/1/2, ae1.

Note:

IP source guard be enabled on a physical interface or a Link Aggregation Group (LAG) interface but cannot be enabled on the member interfaces of a LAG.

vlan <vlan-id>

Specifies a VLAN ID. The value is an integer that ranges from 1 to 4094.

  • For IP source guard static binding table, specifies the VLAN ID manually configured in IP source guard static binding table.

  • For IP source guard dynamic binding table, specifies the VLAN ID enabled DHCP snooping.

enable <true | false>

Enable or disable IP source guard function. The value could be true or false.

  • true: Enable IP source guard function.

  • false: Disable IP source guard function.

By default, IP source guard function is disabled.

 

Usage Guidelines

IP source guard should be enabled based on specific interfaces and VLANs. When IP source guard is enabled based on a specific interface and VLAN, all packets from that interface and VLAN will be dropped except those that match entries in the IP source guard binding table.

Packets received from interfaces or VLANs that do not have IP source guard enabled will not be checked by the IP source guard module and will be processed as normal.

 

Example

  • Enable IP source guard on interface ge-1/1/3 and VLAN 20.

admin@PICOS# set ip-source-guard interface ge-1/1/3 vlan 20 enable true admin@PICOS# commit

Copyright © 2024 Pica8 Inc. All Rights Reserved.