Why does IPSG fail to take effect

The possible causes are as follows:

--Invalid binding entries
A static binding table is created using the user-bind static command. A dynamic binding table is generated only after the DHCP snooping function is enabled.

--IPSG not enabled on the specified interface or VLAN
After a binding table is generated, the IPSG function must be enabled in the interface or VLAN view using the ip source check user-bind enable command.
IPSG takes effect only on the interface or VLAN where it is enabled, and IPSG check is not performed on the interfaces or VALNs without IPSG enabled. Therefore, if IPSG does not take effect on an interface or in a VLAN, the IPSG function may not be enabled on this interface or in this VLAN.

--Insufficient hardware ACL resources
The hardware ACL resources are shared by IPSG and other services. If the ACL resources are insufficient, IPSG cannot take effect.
For example, you can run the display dhcp static user-bind all verbose command to view the IPSG status corresponding to static binding entries. If the value of IPSG Status is ineffective, IPSG of this entry does not take effect. The possible reason is that hardware ACL resources are insufficient.

--Conflict between IPSG and QoS traffic policy
This situation may only occur in V1R6C05. When a QoS traffic policy conflicts with IPSG, the traffic behavior in the QoS traffic policy takes effect.

Scroll to top