The ip verify source-address command enables an interface to check validity of source IP addresses of received packets.
The undo ip verify source-address command disables an interface from checking validity of source IP addresses of received packets.
By default, an interface does not check validity of source IP addresses of received packets.
Configuring source IP address verification enables an interface to check validity of source IP addresses of received packets. Packets with invalid addresses are discarded, which improves the network security.
The following IP addresses are illegal source addresses:
The interface only checks validity of source IP addresses of the packets that need to be forwarded to the CPU, and does not check validity of source IP addresses of the packets that will be directly forwarded according to the FIB table.
If the mask in the IP address of the received packet is of 31 bits, the receiver considers it as a valid source address without checking the broadcast address of the subnet.
Run the display this command in the interface view to check configuration of checking validity of source IP addresses.
# Enable VLANIF100 to check validity of source IP addresses of received packets.
<HUAWEI> system-view [HUAWEI] interface vlanif 100 [HUAWEI-Vlanif100] ip verify source-address
<HUAWEI> system-view [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] undo portswitch [HUAWEI-GigabitEthernet0/0/1] ip verify source-address