< Home

ip source check user-bind enable

Function

The ip source check user-bind enable command enables IP source guard on APs.

The undo ip source check user-bind enable command disables IP source guard on APs.

By default, IP source guard is disabled on APs.

Format

ip source check user-bind enable

undo ip source check user-bind enable

Parameters

None

Views

VAP profile view

Default Level

2: Configuration level

Usage Guidelines

Users can configure static IP addresses for their clients and connect to the Internet after passing 802.1X authentication. To defend against source IP address spoofing attacks, you need to enable IP source guard on APs.

To prevent IP packets of unauthorized users from entering external networks through an AP, enable IP source guard in a VAP profile and bind the VAP profile to an AP or AP group. The IP source guard function can filter incoming packets on an AP radio interface, preventing unauthorized packets from passing through the AP.

Example

# Enable IP source guard on APs.

<HUAWEI> system-view
[HUAWEI] wlan 
[HUAWEI-wlan-view] vap-profile name vap1
[HUAWEI-wlan-vap-prof-vap1] ip source check user-bind enable
Parent Topic: WLAN Security Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >