Security
IP Source Guard
473 Cisco 500 Series Stackable Managed Switch Administration Guide
21
Binding Database
IP Source Guard uses the DHCP Snooping Binding database to check packets
from untrusted ports. If the device attempts to write too many entries to the DHCP
Snooping Binding database, the excessive entries are maintained in an inactive
status. Entries are deleted when their lease time expires and so inactive entries
may be made active.
See DHCPv4 Snooping/Relay.
NOTE The Binding Database page only displays the entries in the DHCP Snooping
Binding database defined on IP-Source-Guard-enabled ports.
To view the DHCP Snooping Binding database and see TCAM usage, set Insert
Inactive:
STEP 1 Click Security > IP Source Guard > Binding Database.
STEP 2 The DHCP Snooping Binding database uses TCAM resources for managing the
database. Complete the Insert Inactive field to select how frequently the device
should attempt to activate inactive entries. It has the following options:
• Retry Frequency—The frequency with which the TCAM resources are
checked.
• Never-Never try to reactivate inactive addresses.
STEP 3 Click Apply to save the above changes to the Running Configuration and/or Retry
Now to check TCAM resources.
The entries in the Binding database are displayed:
• VLAN ID—VLAN on which packet is expected.
• MAC Address—MAC address to be matched.
• IP Address—IP address to be matched.
• Interface—Interface on which packet is expected.
• Status—Displays whether interface is active.
• Type—Displays whether entry is dynamic or static.
• Reason—If the interface is not active, displays the reason. The following
reasons are possible:
- No Problem—Interface is active.
To Next Page
Loading...
Need help?
General
