Maipu Administration Guide

Configure Effective Port IPv6 Source Guard Function Based on Static Entries

Network Requirements

PC1 and PC2 are connected to IP Network via Device.
Configure the port IPv6 Source Guard function based on static entries, so that PC1 can access IP Network normally and PC2 cannot access IP Network.

Network Topology

Networking of configuring effective port IPv6 Source Guard function based on static entries

Figure 5–2 Networking of configuring effective port IPv6 Source Guard function based on static entries

Configuration Steps

Step 1: Configure the link type of VLAN and port on Device.

#Create VLAN2.

Device#configure terminal
Device(config)#vlan 2
Device(config-vlan2)#exit

#Configure the link type of port gigabitethernet0/1 as Access, permitting the services of VLAN2 to pass.

Device(config)#interface gigabitethernet 0/1
Device(config-if-gigabitethernet0/1)#switchport mode access
Device(config-if-gigabitethernet0/1)#switchport access vlan 2
Device(config-if-gigabitethernet0/1)#exit

Step 2: Configure the port IPv6 Source Guard function on Device.

#Enable the port IPv6 Source Guard function based on MAC+VLAN filtering mode on port gigabitethernet0/1, and configure the IP address as 1000::1, and the port IPv6 Source Guard bound entry of VLAN 2.

Device(config)#interface gigabitethernet 0/1
Device(config-if-gigabitethernet0/1)#ipv6 verify source
Device(config-if-gigabitethernet0/1)#ipv6 source binding ip-address 1000::1 vlan 2
Device(config-if-gigabitethernet0/1)#exit

Step 3: Check the result.

# View the configuration information of IPv6 Source Guard.

Device#show ipv6 source guard
--------------------------------------------- 
IP source guard interfaces on slot 0 : 
    Total number of enabled interfaces : 1 
--------------------------------------------- 
Interface Name Status     Verify Type  L2 Status    
---------------------------------------------  
gi0/1          Enabled    IP           Disabled
gi0/2          Disabled   IP           Disabled
gi0/3          Disabled   IP           Disabled
gi0/4          Disabled   IP           Disabled 
……

We can see that the IPv6 Source Guard function is enabled on port gigabitethernet0/1. The static IPv6 Source Guard entry takes effect according to the configured MAC+VLAN entry, not related with the Verify Type value. Therefore, the above example takes effect based on MAC+VLAN.

#View the port IPv6 Source Guard bound entry.

Device #show ipv6 binding table 
------global Ipv6 and mac binding entry------
 total :0 
---------------------------------------------
 	 IPv6 Source Guard binding table on slot 0 
     Total binding entries    : 1 
     Static binding entries   : 1 
     Static not write entries : 0 
     Dynamic binding entries : 0 
     Dynamic not write entries : 0 
     PCE writing entries      : 1 
------------------------------------------------------------------------------
Interface-Name MAC-Address VLAN-ID Type-Flag Writing-Flag L2-Flag   IP-Address               
------------------------------------------------------------------------------
gi0/1	                   2       Static    Write        Not Write 1000::1

#PC1 can access IP Network normally and PC2 cannot access IP Network.