20-18
Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE
OL-26520-01
Chapter 20 Configuring DHCP and IP Source Guard Features
Configuring IP Source Guard
This example shows how to stop IPSG with static hosts on an interface.
Switch(config-if)# no ip verify source
Switch(config-if)# no ip device tracking max
This example shows how to enable IPSG with static hosts on a port.
Switch(config)# ip device tracking
Switch(config)# ip device tracking max 10
Switch(config-if)# ip verify source tracking port-security
This example shows how to enable IPSG for static hosts with IP filters on a Layer 2 access port and to
verify the valid IP bindings on the interface Gi0/3:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip device tracking
Switch(config)# interface gigabitethernet 0/3
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config-if)# ip device tracking maximum 5
Switch(config-if)# ip verify source tracking
Switch(config-if)# end
Switch# show ip verify source
Interface Filter-type Filter-mode IP-address Mac-address Vlan
--------- ----------- ----------- --------------- ----------------- ----
Gi0/3 ip trk active 40.1.1.24 10
Gi0/3 ip trk active 40.1.1.20 10
Gi0/3 ip trk active 40.1.1.21 10
This example shows how to enable IPSG for static hosts with IP-MAC filters on a Layer 2 access port,
to verify the valid IP-MAC bindings on the interface Gi0/3, and to verify that the number of bindings on
this interface has reached the maximum:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip device tracking
Switch(config)# interface gigabitethernet 0/3
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 1
Switch(config-if)# ip device tracking maximum 5
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 5
Switch(config-if)# ip verify source tracking port-security
Switch(config-if)# end
Step 11
show ip verify source interface interface-id Verify the configuration and display IPSG permit ACLs
for static hosts.
Step 12
show ip device track all
[active | inactive] count
Verify the configuration by displaying the IP-to-MAC
binding for a given host on the switch interface.
• all active—display only the active IP or MAC
binding entries
• all inactive—display only the inactive IP or MAC
binding entries
• all—display the active and inactive IP or MAC
binding entries
Command Purpose
To Next Page
Loading...
