No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - Security

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document provides the basic concepts, configuration procedures, and configuration examples in different application scenarios of the network management feature supported by the device.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
IPSG Does Not Take Effect Because IPSG Is Not Enabled on the Interface or VLAN

IPSG Does Not Take Effect Because IPSG Is Not Enabled on the Interface or VLAN

Fault Description

Binding entries have been generated, but the IPSG function does not take effect.

Procedure

  1. Check whether the IPSG function is enabled on the specified interface or VLAN.

    After a binding entry is created, IPSG does not take effect. IPSG takes effect only after it is enabled on the specified interface or VLAN.

    You can enable IPSG on the interface or in the VLAN. The differences are as follows:

    • Enabling IPSG on an interface: IPSG checks all packets received by the interface against the binding entry. Choose this method if you need to check IP packets on the specified interfaces and trust other interfaces. In addition, this method is convenient if an interface belongs to multiple VLANs because you do not need to enable IPSG in each VLAN.

    • Enabling IPSG in a VLAN: IPSG checks the packets received by all interfaces in the VLAN against the binding entry. Choose this method if you need to check IP packets in the specified VLANs and trust other VLANs. In addition, this method is convenient if multiple interfaces belong to the same VLAN because you do not need to enable IPSG on each interface.

    IPSG takes effect only on the interface or VLAN where it is enabled, and IPSG check is not performed on the interfaces or VALNs without IPSG enabled. Therefore, if IPSG does not take effect on an interface or in a VLAN, the IPSG function may not be enabled on this interface or in this VLAN.

  2. Run the display ip source check user-bind { vlan vlan-id | interface interface-type interface-number } command to check whether IPSG is enabled on the interface or VLAN connected to access users.
  3. If IPSG is not enabled on the interface, run the display this command in the VLAN view to check whether IPSG is enabled in the VLAN connected to access users.
  4. If IPSG is neither enabled on the interface nor enabled in the VLAN ("ip source check user-bind enable" not displayed in the command output), run the ip source check user-bind enable command in the interface or VLAN view to enable IPSG.
Translation
Download
Updated: 2019-08-07

Document ID: EDOC1100034077

Views: 127986

Downloads: 231

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next