IPSG Does Not Take Effect Because IPSG Is Not Enabled on an Interface or VLAN

Procedure

1. Check whether the IPSG function is enabled on the specified interface or VLAN.

   IPSG does not take effect immediately after a binding entry is created. IPSG takes effect only after it is enabled on the specified interface or VLAN.

   1. Run the display ip source check user-bind interface interface-type interface-number command to check whether IPSG is enabled on the interface connected to access users.

   2. If IPSG is not enabled on the interface, run the display this command in the VLAN view to check whether IPSG is enabled in the VLAN connected to access users.
   3. If IPSG is not enabled on the interface or in the VLAN ("ipv4 source check user-bind enable" or "ipv6 source check user-bind enable" is not displayed in the command output), run the ip source check user-bind enable command in the interface or VLAN view to enable IPSG.

   You can enable IPSG on the interface or in the VLAN. The differences are as follows:

   • Enabling IPSG on an interface: IPSG checks all packets received by the interface against the binding entry. Choose this method if you need to check IP packets on the specified interfaces and trust other interfaces. This method is ideal if an interface belongs to multiple VLANs because you do not need to enable IPSG in each VLAN.

   • Enabling IPSG in a VLAN: IPSG checks the packets received by all interfaces in the VLAN against the binding entry. Choose this method if you need to check IP packets in the specified VLANs and trust other VLANs. This method is ideal if multiple interfaces belong to the same VLAN because you do not need to enable IPSG on each interface.

   IPSG takes effect only on the interface or VLAN where it is enabled, and IPSG check is not performed on the interfaces or VLANs without IPSG enabled. Therefore, if IPSG does not take effect on an interface or in a VLAN, the IPSG function may not be enabled on this interface or in this VLAN.