IPSG Configuration

show ipv4-source-check config

[Command] show ipv4-source-check config

[Purpose] View the IP packet inspection function configuration information

[View] System view

[Use Cases]

sonic# show ipv4-source-check config
+--------------+-------------+
| Interfaces | Check mode |
+==============+=============+
| Vlan43 | true |
+--------------+-------------+

show ipv6-source-check config

[Command] show ipv6-source-check config

[Purpose] View the configuration information of IPv6 packet inspection function

[View] System view

[Use Cases]

sonic# show ipv6-source-check config
+--------------+--------------+
| Interfaces | Check mode |
+==============+==============+
| Vlan43 | true |
+--------------+--------------+

ipv4-source-check enable

[Command] ipv4-source-check enable no ipv4-source-check enable

[Purpose] Enable IPv4 packet inspection function

[View] VLAN view

[Notes] When the IP packet inspection function is enabled, the device will compare the source IP and source MAC of the received IPv4 packet with the information in the snooping table entry and User-bind table entry, if it can hit, it means the user of the IPv4 packet is a legal user and allows the IPv4 packet of this user to pass, otherwise it is considered an illegal user and drops the IP packet.

[Use Cases]

sonic(config)# vlan 100
sonic(config-vlan-100)# ipv4-source-check enable

ipv4-source-check trusted-interface

[Command] ipv4-source-check trusted-interface vlanVLAN-ID no ipv4-source-check trusted-interface vlanVLAN-ID

[Purpose] Configuring IPSG trusted ports

[View] Interface view

[Notes] When configured as an IPSG trusted port, IPv4 packets received from this port will not be IPSG checked and will all be allowed to pass.

[Use Cases]

sonic(config)# interface ethernet 1
sonic(config-if-1)# ipv4-source-check trusted-interface vlan 10

ipv4-source-check alarm enable

[Command] ipv4-source-check alarm enable ipv4-source-check alarm thresholdalarm_threshold

[Purpose] Enable the packet inspection alarm function

[View] Interface view

[Notes] When this feature is enabled, when the packets discarded on the device due to the packet inspection function exceed the alarm threshold, a log is recorded.

[Use Cases]

sonic(config)# interface ethernet 1
sonic(config-if-1)# ipv4-source-check alarm enable

ipv6-source-check enable

[Command] ipv6-source-check enable no ipv6-source-check enable

[Purpose] Enable IPv6 packet inspection function

[View] VLAN view

[Notes] When the IP packet inspection function is enabled, the device will compare the source IP, source MAC, snooping table entry and User-bind table entry of the received IPv6 packet, if it can hit, it means the user of the IPv6 packet is a legitimate user and allows the IPv6 packet of this user to pass, otherwise it is considered an illegal user and drops the IP packet.

[Use Cases]

sonic(config)# vlan 100
sonic(config-vlan-100)# ipv6-source-check enable

ipv6-source-check trusted-interface

[Command] ipv6-source-check trusted-interface vlanVLAN-ID no ipv6-source-check trusted-interface vlanVLAN-ID

[Purpose] Configuring IPSG trusted ports

[View] VLAN view

[Notes] When configured as an IPSG trusted port, IPv6 messages received from this port will not be IPSG checked and will all be allowed to pass.

[Use Cases]

sonic(config)# interface ethernet 1
sonic(config-if-1)# ipv6-source-check trusted-interface vlan 10

ipv6-source-check alarm enable

[Command] ipv6-source-check alarm enable ipv6-source-check alarm thresholdalarm_threshold

[Purpose] Enable the packet inspection alarm function

[View] Interface view

[Notes] When this feature is enabled, when the packets discarded on the device due to the packet inspection function exceed the alarm threshold, a log is recorded.

[Use Cases]

sonic(config)# interface ethernet 1
sonic(config-if-1)# ipv6-source-check alarm enable