Configure Global IPv6 Source Guard Function
Configuration Condition
None
Configure Global IPv6 Source Guard Function
To protect a user's IPv6 address and prevent other users from using it, configure the global IPv6 Source Guard function to bind the user's IPv6 address to its MAC address. The configured global IPv6 Source Guard bound entries (user IPv6 address and MAC address) are written directly to the chip so that invalid IPv6 packets are filtered.
Table 5-7 Configure the global IPv6 Source Guard function
| Step | Command | Description |
|---|---|---|
| Enter global configuration mode | config terminal | - |
| Configure the global IPv6 Source Guard function | ipv6 source binding mac-address mac-address ipv6-address ipv6_address | Mandatory. By default, there is no global IPv6 Source Guard bound entry and the function is disabled. |
- At most 40 global IPv6 Source Guard bound entries are supported. Configuring more than 40 entries fails.
- The configured global IPv6 Source Guard bound entries are written directly to the chip. The number of bound entries that can be written depends on the available chip entry resources. If the chip entry resources are used up and more global IPv6 Source Guard bound entries must be added, first delete some of the bound entries that occupy chip entry resources.
- If the port IPv6 Source Guard and global IPv6 Source Guard functions are both enabled, an IP packet received by the port must match the bound entries of both the port IPv6 Source Guard and the global IPv6 Source Guard to be forwarded. Otherwise, it is dropped.
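
The following is an added example, not part of the vendor documentation: a pre-check that turns an inventory of MAC/IPv6 pairs into the `ipv6 source binding` lines from Table 5-7 and refuses to generate them if the 40-entry limit would be exceeded. The function names, the `xxxx.xxxx.xxxx` MAC notation, and the rule that one IPv6 address may not map to two MACs are assumptions.

```python
import ipaddress
import re

MAX_GLOBAL_BINDINGS = 40  # limit stated in the notes above
_MAC_RE = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(mac):
    """Return the MAC as 12 lowercase hex digits, or raise ValueError."""
    digits = re.sub(r"[.:-]", "", mac.strip().lower())
    if not _MAC_RE.match(digits):
        raise ValueError(f"invalid MAC address: {mac!r}")
    if int(digits[:2], 16) & 1:  # group bit set: multicast or broadcast
        raise ValueError(f"group MAC cannot identify a host: {mac!r}")
    return digits


def format_mac(digits):
    # Assumption: the device accepts xxxx.xxxx.xxxx; adjust to your platform.
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))


def render_bindings(pairs):
    """Validate (mac, ipv6) pairs and return the CLI lines to apply."""
    seen, lines = {}, ["config terminal"]
    for mac, addr in pairs:
        digits = normalize_mac(mac)
        ip = ipaddress.IPv6Address(addr)  # raises ValueError on bad input
        if ip.is_multicast or ip.is_unspecified:
            raise ValueError(f"not a host source address: {addr!r}")
        if ip in seen:
            # Assumption: one address bound to two MACs is an inventory error.
            if seen[ip] != digits:
                raise ValueError(f"{ip} is bound to two different MACs")
            continue  # exact duplicate, emit once
        seen[ip] = digits
        lines.append("ipv6 source binding mac-address "
                     f"{format_mac(digits)} ipv6-address {ip}")
    if len(seen) > MAX_GLOBAL_BINDINGS:
        raise ValueError(f"{len(seen)} bindings exceed the limit of "
                         f"{MAX_GLOBAL_BINDINGS}")
    return lines


# Constructed sample inventory (documentation prefix 2001:db8::/32).
SAMPLE = [("00:11:22:33:44:55", "2001:DB8::10"),
          ("0011.2233.4466", "2001:db8:0:0::11")]

if __name__ == "__main__":
    print("\n".join(render_bindings(SAMPLE)))
```

The check covers only the documented 40-entry limit; chip entry resources can run out earlier, so the device may still reject a binding.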