Configure IP Source Guard on a Port for IPv6 Addresses

Before you begin

Ensure that the following conditions are all satisfied, before you enable IPSG on a port. Otherwise, the system displays error messages.

DHCP Snooping is enabled globally.
The port is a member of a VLAN that is configured with both DHCP Snooping and IPv6 Neighbor Discovery inspection.
The port is an untrusted port enabled with both DHCP Snooping and IPv6 Neighbor Discovery inspection.
The port has enough resources allocated to support the maximum number of 10 IP addresses allowed for IPSG.

About this task

Enable IPSG to add a higher level of security to a desired port, by preventing IP spoofing. When you enable IPSG on an interface, filters are automatically installed for the IPv6 addresses that are already learned on that interface.

Procedure

In the navigation pane, expand Configuration > IPv6.
Select IPv6.
Select the Source Guard tab.
Double-click InterfaceState .
Select a value:true or false.
Double-click MaxAddr.
Enter the maximum number of IPv6 addresses that are allowed to transmit data on the port.
Optional: To clear the overflow counters, double-click ClearOverflowCount, and then select true.
Select Apply to save your changes.
Select Refresh to update the Source Guard tab.

Source Guard Field Descriptions

Use the data in the following table to use the Source Guard tab.


Name	Description
IfIndex	Specifies a value that uniquely identifies the port.
InterfaceState	Specifies the state of the interface. The default value is false.
MaxAddr	Specifies the maximum number of IPv6 addresses allowed to transmit data through the port. The default value is 4. Note: To reset the value to default, IPSG must first be disabled on the interface.
OverflowCount	Specifies the number of IPv6 addresses for which filters are not added on the IPSG port, due to a lack of filter resources. The default value is 0.
ClearOverflowCount	Specifies whether the overflow counter must be cleared. By default, the value is false.