Cisco Catalyst 3560-X

To Next Page

To Previous Page

1-22

Catalyst 3750-X and 3560-X Switch Software Configuration Guide

OL-25303-03

Chapter 1 Configuring DHCP Features and IP Source Guard

Configuring IP Source Guard

This example shows how to stop IPSG with static hosts on an interface.

Switch(config-if)# no ip verify source

Switch(config-if)# no ip device tracking max

This example shows how to enable IPSG with static hosts on a port.

Switch(config)# ip device tracking

Switch(config)# ip device tracking max 10

Switch(config-if)# ip verify source tracking port-security

This example shows how to enable IPSG for static hosts with IP filters on a Layer 2 access port and to

verify the valid IP bindings on the interface Gi1/0/3:

Switch# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)# ip device tracking

Switch(config)# interface gigabitethernet1/0/3

Switch(config-if)# switchport mode access

Switch(config-if)# switchport access vlan 10

Switch(config-if)# ip device tracking maximum 5

Switch(config-if)# ip verify source tracking

Switch(config-if)# end

Switch# show ip verify source

Interface Filter-type Filter-mode IP-address Mac-address Vlan

--------- ----------- ----------- --------------- ----------------- ----

Gi1/0/3 ip trk active 40.1.1.24 10

Gi1/0/3 ip trk active 40.1.1.20 10

Gi1/0/3 ip trk active 40.1.1.21 10

This example shows how to enable IPSG for static hosts with IP-MAC filters on a Layer 2 access port,

to verify the valid IP-MAC bindings on the interface Gi1/0/3, and to verify that the number of bindings

on this interface has reached the maximum:

Switch# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)# ip device tracking

Switch(config)# interface gigabitethernet1/0/3

Switch(config-if)# switchport mode access

Switch(config-if)# switchport access vlan 1

Switch(config-if)# ip device tracking maximum 5

Switch(config-if)# switchport port-security

Switch(config-if)# switchport port-security maximum 5

Switch(config-if)# ip verify source tracking port-security

Switch(config-if)# end

Step 11

show ip verify source interface interface-id Verify the configuration and display IPSG permit ACLs

for static hosts.

Step 12

show ip device track all

[active | inactive] count

Verify the configuration by displaying the IP-to-MAC

binding for a given host on the switch interface.

• all active—display only the active IP or MAC

binding entries

• all inactive—display only the inactive IP or MAC

binding entries

• all—display the active and inactive IP or MAC

binding entries

Command Purpose

Main Page

Cisco Catalyst 3560-X

Table of Contents

Related product manuals