Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring IP Source Address Validation

    You can configure IP source address validation on an E Series router with the following tasks:

    Enabling IP Source Address Validation

    Source address validation verifies that a packet has been sent from a valid source address. When a packet arrives on an interface, the router performs a routing table lookup using the source address. The result from the routing table lookup is an interface to which packets destined for that address are routed. This interface must match the interface on which the packet arrived. If it does not match, the router drops the packet.

    Note:

    • Before you configure IP, you must create the lower-layer interfaces over which IP traffic flows.
    • All IP configurations will be removed from the interface when you issue the no ip interface command in Interface Configuration mode.

    To enable source address validation:

    • Issue the ip sa-validate command in Interface Configuration mode.
      host1(config-if)#ip sa-validate

      Use the no version to disable source address validation.

    Enabling IP Source Address Validation Traps

    You can enable the generation of traps for source address validation failure using the ip sa-validate trap-enable command.

    You can specify a VRF context for which you want to enable trap validation for source address validation.

    Note: To fully enable source address validation traps, you must also enable the IP trap category with the snmp-server trap enable command. See JunosE System Basics Configuration Guide for more information.

    To enable the generation of traps for source address validation failure on the router:

    • Issue the ip sa-validate trap-enable command in Global Configuration mode.
      host1(config)#ip sa-validate trap-enable

      Use the no version to disable the generation of source address validation failure traps on the router.

    Published: 2014-08-13