IPSG Configuration
## show ipv4 source check config

\[Command]

show ipv4 source check config

\[Purpose]

View the configuration of the IPv4 packet inspection function.

\[View]

System view

```
sonic# show ipv4 source check config
+-------------+---------------+----------------------+
| interface   | check mode    | trusted interfaces   |
+=============+===============+======================+
| ethernet1   | false         |                      |
+-------------+---------------+----------------------+
```

## show ipv6 source check config

\[Command]

show ipv6 source check config

\[Purpose]

View the configuration of the IPv6 packet inspection function.

\[View]

System view

```
sonic# show ipv6 source check config
+-------------+---------------+----------------------+
| interface   | check mode    | trusted interfaces   |
+=============+===============+======================+
| ethernet1   | false         |                      |
+-------------+---------------+----------------------+
```

## ipv4 source check {enable|trusted}

\[Command]

ipv4 source check {enable|trusted}

no ipv4 source check {enable|trusted}

\[Purpose]

Enable IPv4 packet inspection for physical interfaces.

\[View]

Interface configuration view

\[Usage scenario]

When multiple VLANs are bound to an interface, enabling IPv4 source verification for trusted traffic causes all packets entering the VLAN via this interface to be trusted.

\[Comment]

The ipv4 source check enable and ipv4 source check trusted settings cannot be configured simultaneously under the interface.

```
sonic(config)# interface ethernet 1
sonic(config-if-1)# ipv4 source check trusted
```

## ipv4 source check enable

\[Command]

ipv4 source check enable

no ipv4 source check enable

\[Purpose]

Enable the IPv4 packet inspection function.

\[View]

VLAN view

\[Usage scenario]

When the IP packet inspection function is enabled, the device compares the source IP and source MAC of each received IPv4 packet with the entries in the snooping table and the user bind table. If an entry matches, the sender of the IPv4 packet is treated as a legitimate user and the packet is allowed to pass. Otherwise the sender is treated as an illegitimate user and the IP packet is dropped.

```
sonic(config)# vlan 100
sonic(config-vlan-100)# ipv4 source check enable
```

## ipv4 source check trusted interface

\[Command]

ipv4 source check trust interface ethernet interface-id

no ipv4 source check trust interface ethernet interface-id

\[Purpose]

Configure IPSG trusted ports.

\[View]

VLAN view

\[Usage scenario]

After a port is configured as an IPSG trusted port, IPv4 packets received from this port for the specified VLAN bypass IPSG inspection and are permitted to pass through unchecked.

```
sonic(config)# vlan 1
sonic(config-if-1)# ipv4 source check trust interface ethernet 2
```

## ipv6 source check {enable|trusted}

\[Command]

ipv6 source check {enable|trusted}

no ipv6 source check {enable|trusted}

\[Purpose]

Enable IPv6 packet inspection for physical interfaces.

\[View]

Interface configuration view

\[Usage scenario]

When multiple VLANs are bound to an interface, enabling IPv6 source verification for trusted traffic causes all packets entering the VLAN via this interface to be trusted.

\[Comment]

The ipv6 source check enable and ipv4 source check trusted settings cannot be configured simultaneously under the interface.

```
sonic(config)# interface ethernet 10
sonic(config-if-1)# ipv6 source check trusted
```

## ipv6 source check enable

\[Command]

ipv6 source check enable

no ipv6 source check enable

\[Purpose]

Enable the IPv6 packet inspection function.

\[View]

VLAN view

\[Usage scenario]

When the IP packet inspection function is enabled, the device compares the source IP and source MAC of each received IPv4 packet with the entries in the snooping table and the user bind table. If an entry matches, the sender of the IPv4 packet is treated as a legitimate user and the packet is allowed to pass. Otherwise the sender is treated as an illegitimate user and the IP packet is dropped.

```
sonic(config)# vlan 100
sonic(config-vlan-100)# ipv6 source check enable
```

## ipv6 source check trusted interface

\[Command]

ipv6 source check trust interface ethernet interface-id

no ipv6 source check trust interface ethernet interface-id

\[Purpose]

Configure IPSG trusted ports.

\[View]

VLAN view

\[Usage scenario]

After a port is configured as an IPSG trusted port, IPv4 packets received from this port for the specified VLAN bypass IPSG inspection and are permitted to pass through unchecked.

```
sonic(config)# vlan 10
sonic(config-if-10)# ipv4 source check trust interface ethernet 2
```
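Because a disabled check mode or a trusted port means traffic passes without source IP/MAC validation, the output of `show ipv4 source check config` is worth auditing after every change. The script below is an added example, not part of the vendor documentation: it parses the three-column table printed by the show command and lists every entry that is unchecked or has a bypass. The sample text, the `vlan100` row and the comma-separated form of the trusted-interfaces cell are assumptions made for illustration.

```python
# Added example: audit captured "show ipv4/ipv6 source check config" output.
# SAMPLE is constructed; the vlan100 row and the comma-separated
# trusted-interfaces cell are assumptions, not documented output.
SAMPLE = """\
+-------------+---------------+----------------------+
| interface   | check mode    | trusted interfaces   |
+=============+===============+======================+
| ethernet1   | false         |                      |
+-------------+---------------+----------------------+
| vlan100     | true          | ethernet2,ethernet3  |
+-------------+---------------+----------------------+
"""


def parse_source_check_table(text):
    """Return one dict per data row of the source check table."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # border lines (+---+ / +===+) and CLI prompts
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 3 or cells[0].lower() == "interface":
            continue  # malformed row or the header row
        name, mode, trusted = cells
        rows.append({
            "interface": name,
            "check": mode.lower() == "true",
            # accept comma- or space-separated port names
            "trusted": trusted.replace(",", " ").split(),
        })
    return rows


def audit(rows):
    """List (entry, reason) pairs where packets are not source-checked."""
    findings = []
    for row in rows:
        if not row["check"]:
            findings.append((row["interface"], "source check disabled"))
        for port in row["trusted"]:
            findings.append((row["interface"], f"bypass via trusted port {port}"))
    return findings


if __name__ == "__main__":
    for entry, reason in audit(parse_source_check_table(SAMPLE)):
        print(f"{entry}: {reason}")
```

Each trusted port reported here should correspond to a deliberate decision, such as an uplink, since traffic arriving on it is never compared against the snooping or user bind tables.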
