Skip to content
AsterNOS
Ask AI

IPSG Configuration

show ipv4-source-check config

Section titled “show ipv4-source-check config”

[Command] show ipv4-source-check config

[Purpose] View the IP packet inspection function configuration information

[View] System view

[Use Cases]

sonic# show ipv4-source-check config
+--------------+-------------+
| Interfaces   | Check mode  |
+==============+=============+
| Vlan43       | true        |
+--------------+-------------+

show ipv6-source-check config

Section titled “show ipv6-source-check config”

[Command] show ipv6-source-check config

[Purpose] View the configuration information of IPv6 packet inspection function

[View] System view

[Use Cases]

sonic# show ipv6-source-check config
+--------------+--------------+
| Interfaces   | Check mode   |
+==============+==============+
| Vlan43       | true         |
+--------------+--------------+

ipv4-source-check enable

Section titled “ipv4-source-check enable”

[Command] ipv4-source-check enable no ipv4-source-check enable

[Purpose] Enable IPv4 packet inspection function

[View] VLAN view,Interface view

[Usage Scenario] When the IP packet inspection function is enabled, the device will compare the source IP and source MAC of the received IPv4 packet with the information in the snooping table entry and User-bind table entry, if it can hit, it means the user of the IPv4 packet is a legal user and allows the IPv4 packet of this user to pass, otherwise it is considered an illegal user and drops the IP packet.

[Use Cases]

sonic(config)# vlan 100
sonic(config-vlan-100)# ipv4-source-check enable

ipv4-source-check trusted-interface

Section titled “ipv4-source-check trusted-interface”

[Command] ipv4-source-check trusted-interface vlan vlan_id ipv4-source-check trusted-interface no ipv4-source-check trusted-interface vlan vlan_id no ipv4-source-check trusted-interface

[Purpose] Configuring IPSG trusted ports or trusted VLAN

[View] Interface view

[Usage Scenario] When configured as an IPSG trusted port, IPv4 packets received from this port will not be IPSG checked and will all be allowed to pass.

[Use Cases]

sonic(config)# interface ethernet 1
sonic(config-if-1)# ipv4-source-check trusted-interface vlan 10

ipv6-source-check enable

Section titled “ipv6-source-check enable”

[Command] ipv6-source-check enable no ipv6-source-check enable

[Purpose] Enable IPv6 packet inspection function

[View] VLAN view,Interface view

[Usage Scenario] When the IP packet inspection function is enabled, the device will compare the source IP, source MAC, snooping table entry and User-bind table entry of the received IPv6 packet, if it can hit, it means the user of the IPv6 packet is a legitimate user and allows the IPv6 packet of this user to pass, otherwise it is considered an illegal user and drops the IP packet.

[Use Cases]

sonic(config)# vlan 100
sonic(config-vlan-100)# ipv6-source-check enable

ipv6-source-check trusted-interface

Section titled “ipv6-source-check trusted-interface”

[Command] ipv6-source-check trusted-interface vlan vlan_id ipv6-source-check trusted-interface no ipv6-source-check trusted-interface vlan vlan_id no ipv6-source-check trusted-interface

[Purpose] Configuring IPSG trusted ports or trusted VLAN

[View] Interface view

[Usage Scenario] When configured as an IPSG trusted port, IPv6 messages received from this port will not be IPSG checked and will all be allowed to pass.

[Use Cases]

sonic(config)# interface ethernet 1
sonic(config-if-1)# ipv6-source-check trusted-interface vlan 10