Configuration Guide - Security

S7700 and S9700 V200R011C10

This document describes the configuration of security features, including ACL, reflective ACL, local attack defense, MFF, attack defense, traffic suppression and storm control, ARP security, port security, DHCP snooping, ND snooping, PPPoE+, IPSG, SAVI, URPF, keychain, separating the management plane from the service plane, and security risks.
IPSG Does Not Take Effect Because IPSG Is Not Enabled on the Interface or VLAN

Fault Description

Binding entries have been generated, but the IPSG function does not take effect.

Procedure

  1. Check whether the IPSG function is enabled on the specified interface or VLAN.

    IPSG does not take effect immediately after a binding entry is created. IPSG takes effect only after it is enabled on the specified interface or VLAN.

    1. Run the display ip source check user-bind interface interface-type interface-number command to check whether IPSG is enabled on the interface connected to access users.

    2. If IPSG is not enabled on the interface, run the display this command in the VLAN view to check whether IPSG is enabled in the VLAN connected to access users.
    3. If IPSG is not enabled on the interface or in the VLAN ("ip source check user-bind enable" is not displayed in the command output), run the ip source check user-bind enable command in the interface or VLAN view to enable IPSG.

    You can enable IPSG on the interface or in the VLAN. The differences are as follows:

    • Enabling IPSG on an interface: IPSG checks all packets received by the interface against the binding entry. Choose this method if you need to check IP packets on the specified interfaces and trust other interfaces. In addition, this method is convenient if an interface belongs to multiple VLANs because you do not need to enable IPSG in each VLAN.

    • Enabling IPSG in a VLAN: IPSG checks the packets received by all interfaces in the VLAN against the binding entry. Choose this method if you need to check IP packets in the specified VLANs and trust other VLANs. In addition, this method is convenient if multiple interfaces belong to the same VLAN because you do not need to enable IPSG on each interface.

    IPSG takes effect only on the interface or VLAN where it is enabled; the IPSG check is not performed on interfaces or VLANs where IPSG is not enabled. Therefore, if IPSG does not take effect on an interface or in a VLAN, the IPSG function may not be enabled on this interface or in this VLAN.
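
The coverage rule above, as an added example that is not part of the Huawei guide: a Python script that reads saved configuration text and reports, for each interface, whether IPSG is enabled on the interface itself, in its VLAN, or nowhere. The sample configuration is constructed; the script assumes access ports whose VLAN is set with port default vlan (VLAN 1 when that command is absent), and the function names are hypothetical.

```python
import re
IPSG_CMD = "ip source check user-bind enable"

# Constructed sample in the style of a saved configuration (not from a real device).
SAMPLE_CONFIG = """\
#
vlan 10
 ip source check user-bind enable
#
interface GigabitEthernet1/0/1
 port default vlan 10
#
interface GigabitEthernet1/0/2
 port default vlan 20
 ip source check user-bind enable
#
interface GigabitEthernet1/0/3
 port default vlan 20
#
"""

def parse_views(config):
    """Group indented commands under their unindented view header."""
    views, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "#":
            current = None                      # '#' ends the current view
        elif not line.startswith(" "):
            current = views.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return views

def ipsg_coverage(config):
    """Map each interface to 'interface', 'vlan' or None (IPSG not enabled)."""
    views = parse_views(config)
    ipsg_vlans = {int(h.split()[1]) for h, cmds in views.items()
                  if re.fullmatch(r"vlan \d+", h) and IPSG_CMD in cmds}
    result = {}
    for header, cmds in views.items():
        if not header.startswith("interface "):
            continue
        # Assumption: access port; VLAN 1 when "port default vlan" is absent.
        pvid = next((int(c.split()[-1]) for c in cmds
                     if re.fullmatch(r"port default vlan \d+", c)), 1)
        where = "interface" if IPSG_CMD in cmds else "vlan" if pvid in ipsg_vlans else None
        result[header.split(None, 1)[1]] = where
    return result

print(ipsg_coverage(SAMPLE_CONFIG))
```

An interface reported as None has binding entries that are not enforced on it, which is the fault this section describes.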

Updated: 2019-10-18

Document ID: EDOC1000178319
