Configure IP Source Guard on a Port for IPv6 Addresses
Before you begin
Ensure that all of the following conditions are satisfied before you enable IPSG on a port. Otherwise, the system displays error messages.
- DHCP Snooping is enabled globally.
- The port is a member of a VLAN that is configured with both DHCP Snooping and IPv6 Neighbor Discovery inspection.
- The port is an untrusted port enabled with both DHCP Snooping and IPv6 Neighbor Discovery inspection.
- The port has enough resources allocated to support the maximum number of 10 IP addresses allowed for IPSG.
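The prerequisites above can be checked offline against a port inventory before a change window. The following is an added example, not code from the vendor or the device: the dictionary layout, the field names (such as `free_filter_slots`) and the sample data are hypothetical, and it assumes that one qualifying member VLAN is sufficient and that MaxAddr must be between 1 and 10.

```python
# Added example: offline pre-check of the IPSG prerequisites for one port.
# The dict layout is hypothetical (not an EDM/CLI export format); sample
# data is constructed for illustration.
IPSG_FILTER_RESERVE = 10  # page: resources for the maximum of 10 addresses


def ipsg_precheck(port, vlans, dhcp_snooping_global, max_addr=4):
    """Return unmet prerequisites; an empty list means IPSG can be enabled."""
    problems = []
    if not dhcp_snooping_global:
        problems.append("DHCP Snooping is not enabled globally")
    # Assumption: one member VLAN with both features satisfies the condition.
    member = [vlans[v] for v in port["vlans"] if v in vlans]
    if not any(v["dhcp_snooping"] and v["nd_inspection"] for v in member):
        problems.append("no member VLAN has DHCP Snooping and ND inspection")
    for feature in ("dhcp_snooping", "nd_inspection"):
        if port[feature + "_trusted"]:
            problems.append("port is trusted for " + feature)
    if port["free_filter_slots"] < IPSG_FILTER_RESERVE:
        problems.append("fewer than 10 filter resources available")
    # Assumption: valid MaxAddr range is 1..10 (the page gives only the maximum).
    if not 1 <= max_addr <= IPSG_FILTER_RESERVE:
        problems.append("MaxAddr %d is outside 1..10" % max_addr)
    return problems


def audit(ports, vlans, dhcp_snooping_global):
    """Map each port name to its list of unmet prerequisites."""
    return {p["name"]: ipsg_precheck(p, vlans, dhcp_snooping_global)
            for p in ports}


# Constructed sample inventory.
VLANS = {
    10: {"dhcp_snooping": True, "nd_inspection": True},
    20: {"dhcp_snooping": True, "nd_inspection": False},
}
PORTS = [
    {"name": "1/1", "vlans": [10], "dhcp_snooping_trusted": False,
     "nd_inspection_trusted": False, "free_filter_slots": 32},
    {"name": "1/2", "vlans": [20], "dhcp_snooping_trusted": False,
     "nd_inspection_trusted": True, "free_filter_slots": 6},
]

if __name__ == "__main__":
    for name, problems in audit(PORTS, VLANS, True).items():
        print(name, "OK" if not problems else "; ".join(problems))
```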
About this task
Enable IPSG on a port to add a higher level of security by preventing IP spoofing. When you enable IPSG on an interface, filters are automatically installed for the IPv6 addresses that are already learned on that interface.
Procedure
- In the navigation pane, expand .
- Select IPv6.
- Select the Source Guard tab.
- Double-click InterfaceState.
- Select a value: true or false.
- Double-click MaxAddr.
- Enter the maximum number of IPv6 addresses that are allowed to transmit data on the port.
- Optional: To clear the overflow counters, double-click ClearOverflowCount, and then select true.
- Select Apply to save your changes.
- Select Refresh to update the Source Guard tab.
Source Guard Field Descriptions
Use the data in the following table to configure the fields on the Source Guard tab.
Name | Description |
---|---|
IfIndex | Specifies a value that uniquely identifies the port. |
InterfaceState | Specifies the state of the interface. The default value is false. |
MaxAddr | Specifies the maximum number of IPv6 addresses allowed to transmit data through the port. The default value is 4. Note: To reset the value to default, IPSG must first be disabled on the interface. |
OverflowCount | Specifies the number of IPv6 addresses for which filters are not added on the IPSG port, due to a lack of filter resources. The default value is 0. |
ClearOverflowCount | Specifies whether the overflow counter must be cleared. By default, the value is false. |