IPSG Configuration

show ipv4-source-check config
[Command] show ipv4-source-check config
[Purpose] View the IP packet inspection function configuration information
[View] System view
sonic# show ipv4-source-check config
+-------------+---------------+----------------------+
| Interface   | Check mode    | Trusted interfaces   |
+=============+===============+======================+
| Ethernet1   | False         |                      |
+-------------+---------------+----------------------+

show ipv6-source-check config
[Command] show ipv6-source-check config
[Purpose] View the configuration information of IPv6 packet inspection function
[View] System view
sonic# show ipv6-source-check config
+-------------+---------------+----------------------+
| Interface   | Check mode    | Trusted interfaces   |
+=============+===============+======================+
| Ethernet1   | False         |                      |
+-------------+---------------+----------------------+

ipv4-source-check {enable|trusted}
[Command] ipv4-source-check {enable|trusted}
          no ipv4-source-check {enable|trusted}
[Purpose] Enable IPv4 packet inspection for physical interfaces
[View] Interface Configuration View
[Usage Scenario] When multiple VLANs are bound to an interface, enabling IPv4 source verification for trusted traffic causes all packets entering the VLAN via this interface to be trusted.
[Comment] The ipv4-source-check enable and ipv4-source-check trusted settings cannot be configured simultaneously under the interface.
sonic(config)# interface ethernet 1
sonic(config-if-1)# ipv4-source-check trusted

ipv4-source-check enable
[Command] ipv4-source-check enable
          no ipv4-source-check enable
[Purpose] Enable IPv4 packet inspection function
[View] VLAN view
[Usage Scenario] When the IP packet inspection function is enabled, the device compares the source IP and source MAC of each received IPv4 packet with the entries in the snooping table and the User-bind table. If a matching entry is found, the sender is treated as a legitimate user and the packet is allowed to pass; otherwise the sender is treated as an illegitimate user and the packet is dropped.
sonic(config)# vlan 100
sonic(config-vlan-100)# ipv4-source-check enable

ipv4-source-check trusted-interface
[Command] ipv4-source-check trust interface ethernet interface_id
          no ipv4-source-check trust interface ethernet interface_id
[Purpose] Configure IPSG Trusted Ports
[View] VLAN view
[Usage Scenario] After a port is configured as an IPSG trusted port, IPv4 packets received from that port for the specified VLAN bypass IPSG inspection and are permitted to pass through unchecked.
sonic(config)# vlan 1
sonic(config-if-1)# ipv4-source-check trust interface ethernet 2

ipv6-source-check {enable|trusted}
[Command] ipv6-source-check {enable|trusted}
          no ipv6-source-check {enable|trusted}
[Purpose] Enable IPv6 packet inspection for physical interfaces
[View] Interface Configuration View
[Usage Scenario] When multiple VLANs are bound to an interface, enabling IPv6 source verification for trusted traffic causes all packets entering the VLAN via this interface to be trusted.
[Comment] The ipv6-source-check enable and ipv6-source-check trusted settings cannot be configured simultaneously under the interface.
sonic(config)# interface ethernet 10
sonic(config-if-1)# ipv6-source-check trusted

ipv6-source-check enable
[Command] ipv6-source-check enable
          no ipv6-source-check enable
[Purpose] Enable IPv6 packet inspection function
[View] VLAN view
[Usage Scenario] When the IP packet inspection function is enabled, the device compares the source IP and source MAC of each received IPv6 packet with the entries in the snooping table and the User-bind table. If a matching entry is found, the sender is treated as a legitimate user and the packet is allowed to pass; otherwise the sender is treated as an illegitimate user and the packet is dropped.
sonic(config)# vlan 100
sonic(config-vlan-100)# ipv6-source-check enable

ipv6-source-check trusted-interface
[Command] ipv6-source-check trust interface ethernet interface_id
          no ipv6-source-check trust interface ethernet interface_id
[Purpose] Configure IPSG Trusted Ports
[View] VLAN view
[Usage Scenario] After a port is configured as an IPSG trusted port, IPv6 packets received from that port for the specified VLAN bypass IPSG inspection and are permitted to pass through unchecked.
sonic(config)# vlan 10
sonic(config-if-10)# ipv6-source-check trust interface ethernet 2
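
Added example (not part of the original documentation or the vendor's tooling): a Python audit helper that parses the table printed by show ipv4-source-check config or show ipv6-source-check config and reports interfaces where the source check is off, plus trusted ports, whose packets bypass inspection as described above. The sample output is constructed; a "True" check-mode value and a comma-separated "Trusted interfaces" cell are assumptions, since the page only shows a False row with an empty cell.

```python
# Constructed sample in the table layout shown on this page. The "True" value
# and the comma-separated "Trusted interfaces" cell are assumptions.
SAMPLE = """\
sonic# show ipv4-source-check config
+-------------+---------------+----------------------+
| Interface   | Check mode    | Trusted interfaces   |
+=============+===============+======================+
| Ethernet1   | False         |                      |
+-------------+---------------+----------------------+
| Ethernet3   | True          | Ethernet2,Ethernet4  |
+-------------+---------------+----------------------+
"""

EXPECTED_HEADER = ["Interface", "Check mode", "Trusted interfaces"]

def parse_source_check(text):
    """Return one dict per data row of the grid table; reject unknown layouts."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not (line.startswith("|") and line.endswith("|")):
            continue  # prompt line, +---+ / +===+ borders, blank lines
        rows.append([cell.strip() for cell in line[1:-1].split("|")])
    if not rows or rows[0] != EXPECTED_HEADER:
        raise ValueError("unexpected table header; refusing to guess columns")
    entries = []
    for cells in rows[1:]:
        if len(cells) != len(EXPECTED_HEADER):
            raise ValueError(f"malformed row: {cells!r}")
        name, mode, trusted = cells
        if mode not in ("True", "False"):
            raise ValueError(f"unknown check mode {mode!r} on {name}")
        entries.append({
            "interface": name,
            "enabled": mode == "True",
            "trusted": [t.strip() for t in trusted.split(",") if t.strip()],
        })
    return entries

def audit(entries):
    """Unchecked interfaces, and trusted ports whose packets bypass inspection."""
    unchecked = sorted(e["interface"] for e in entries if not e["enabled"])
    bypass = sorted({t for e in entries for t in e["trusted"]})
    return {"unchecked": unchecked, "trusted_bypass": bypass}

if __name__ == "__main__":
    print(audit(parse_source_check(SAMPLE)))
```

Every port listed under trusted_bypass should be a known uplink or infrastructure port; a trusted access port accepts any source IP and MAC without a binding-table lookup.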