Configuring IP Source Address Validation

You can configure IP source address validation on an E Series router with the following tasks:

Enabling IP Source Address Validation

Source address validation verifies that a packet has been sent from a valid source address. When a packet arrives on an interface, the router performs a routing table lookup using the source address. The result from the routing table lookup is an interface to which packets destined for that address are routed. This interface must match the interface on which the packet arrived. If it does not match, the router drops the packet.

Note:

  • Before you configure IP, you must create the lower-layer interfaces over which IP traffic flows.
  • All IP configurations will be removed from the interface when you issue the no ip interface command in Interface Configuration mode.

To enable source address validation:

Enabling IP Source Address Validation Traps

You can enable the generation of traps for source address validation failure using the ip sa-validate trap-enable command.

You can specify a VRF context for which you want to enable trap validation for source address validation.

Note: To fully enable source address validation traps, you must also enable the IP trap category with the snmp-server trap enable command. See JunosE System Basics Configuration Guide for more information.

To enable the generation of traps for source address validation failure on the router:

Related Documentation