Configure Effective Port IPv6 Source Guard Function Based on Static Entries
Network Requirements
- PC1 and PC2 are connected to IP Network via Device.
- Configure the port IPv6 Source Guard function based on static entries, so that PC1 can access IP Network normally and PC2 cannot access IP Network.
Network Topology
Figure 5–2 Networking of configuring effective port IPv6 Source Guard function based on static entries
Configuration Steps
Step 1: Configure the link type of VLAN and port on Device.
#Create VLAN2.
|
Device#configure terminal
Device(config)#vlan 2
Device(config-vlan2)#exit
|
#Configure the link type of port gigabitethernet0/1 as Access, permitting the services of VLAN2 to pass.
|
Device(config)#interface gigabitethernet 0/1
Device(config-if-gigabitethernet0/1)#switchport mode access
Device(config-if-gigabitethernet0/1)#switchport access vlan 2
Device(config-if-gigabitethernet0/1)#exit
|
Step 2: Configure the port IPv6 Source Guard function on Device.
#Enable the port IPv6 Source Guard function based on MAC+VLAN filtering mode on port gigabitethernet0/1, and configure the IP address as 1000::1, and the port IPv6 Source Guard bound entry of VLAN 2.
|
Device(config)#interface gigabitethernet 0/1
Device(config-if-gigabitethernet0/1)#ipv6 verify source
Device(config-if-gigabitethernet0/1)#ipv6 source binding ip-address 1000::1 vlan 2
Device(config-if-gigabitethernet0/1)#exit
|
Step 3: Check the result.
# View the configuration information of IPv6 Source Guard.
Device#show ipv6 source guard
---------------------------------------------
IP source guard interfaces on slot 0 :
Total number of enabled interfaces : 1
---------------------------------------------
Interface Name Status Verify Type L2 Status
---------------------------------------------
gi0/1 Enabled IP Disabled
gi0/2 Disabled IP Disabled
gi0/3 Disabled IP Disabled
gi0/4 Disabled IP Disabled
……
We can see that the IPv6 Source Guard function is enabled on port gigabitethernet0/1. The static IPv6 Source Guard entry takes effect according to the configured MAC+VLAN entry, not related with the Verify Type value. Therefore, the above example takes effect based on MAC+VLAN.
#View the port IPv6 Source Guard bound entry.
Device #show ipv6 binding table
------global Ipv6 and mac binding entry------
total :0
---------------------------------------------
IPv6 Source Guard binding table on slot 0
Total binding entries : 1
Static binding entries : 1
Static not write entries : 0
Dynamic binding entries : 0
Dynamic not write entries : 0
PCE writing entries : 1
------------------------------------------------------------------------------
Interface-Name MAC-Address VLAN-ID Type-Flag Writing-Flag L2-Flag IP-Address
------------------------------------------------------------------------------
gi0/1 2 Static Write Not Write 1000::1
#PC1 can access IP Network normally and PC2 cannot access IP Network.
Switch
.png){kind=icon}
.png){kind=logo}
.jpg)
.png){kind=logo}
