Command Line Reference
Security Configuration
IPSG Configuration
6 min
show ipv4 source check config show ipv4 source check config \[command] show ipv4 source check config \[purpose] view the ip packet inspection function configuration information \[view] system view \[use cases] sonic# show ipv4 source check config + + + \| interfaces | check mode | +==============+=============+ \| vlan43 | true | + + + show ipv6 source check config show ipv6 source check config \[command] show ipv6 source check config \[purpose] view the configuration information of ipv6 packet inspection function \[view] system view \[use cases] sonic# show ipv6 source check config + + + \| interfaces | check mode | +==============+==============+ \| vlan43 | true | + + + ipv4 source check enable ipv4 source check enable \[command] ipv4 source check enable no ipv4 source check enable \[purpose] enable ipv4 packet inspection function \[view] vlan view,interface view \[usage scenario] when the ip packet inspection function is enabled, the device will compare the source ip and source mac of the received ipv4 packet with the information in the snooping table entry and user bind table entry, if it can hit, it means the user of the ipv4 packet is a legal user and allows the ipv4 packet of this user to pass, otherwise it is considered an illegal user and drops the ip packet \[use cases] sonic(config)# vlan 100 sonic(config vlan 100)# ipv4 source check enable ipv4 source check trusted interface ipv4 source check trusted interface \[command] ipv4 source check trusted interface vlan vlan id ipv4 source check trusted interface no ipv4 source check trusted interface vlan vlan id no ipv4 source check trusted interface \[purpose] configuring ipsg trusted ports or trusted vlan \[view] interface view \[usage scenario] when configured as an ipsg trusted port, ipv4 packets received from this port will not be ipsg checked and will all be allowed to pass \[use cases] sonic(config)# interface ethernet 1 sonic(config if 1)# ipv4 source check trusted interface vlan 10 ipv6 source check enable ipv6 source check enable \[command] ipv6 source check enable no ipv6 source check enable \[purpose] enable ipv6 packet inspection function \[view] vlan view,interface view \[usage scenario] when the ip packet inspection function is enabled, the device will compare the source ip, source mac, snooping table entry and user bind table entry of the received ipv6 packet, if it can hit, it means the user of the ipv6 packet is a legitimate user and allows the ipv6 packet of this user to pass, otherwise it is considered an illegal user and drops the ip packet \[use cases] sonic(config)# vlan 100 sonic(config vlan 100)# ipv6 source check enable ipv6 source check trusted interface ipv6 source check trusted interface \[command] ipv6 source check trusted interface vlan vlan id ipv6 source check trusted interface no ipv6 source check trusted interface vlan vlan id no ipv6 source check trusted interface \[purpose] configuring ipsg trusted ports or trusted vlan \[view] interface view \[usage scenario] when configured as an ipsg trusted port, ipv6 messages received from this port will not be ipsg checked and will all be allowed to pass \[use cases] sonic(config)# interface ethernet 1 sonic(config if 1)# ipv6 source check trusted interface vlan 10
