Name: Cisco Catalyst 4500 Series
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

60-26

Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex

Chapter 60 Configuring DHCP Snooping, IP Source Guard, and IPSG for Static Hosts

Configuring IP Source Guard for Static Hosts

To stop IPSG with static hosts on an interface, use the following commands in interface configuration

submode:

Switch(config-if)# no ip verify source

Switch(config-if)# no ip device tracking max"

To enable IPSG with static hosts on a port, enter the following commands:

Switch(config)# ip device tracking ****enable IP device tracking globally

Switch(config)# ip device tracking max <n> ****set an IP device tracking maximum on int

Switch(config-if)# ip verify source tracking [port-security] ****activate IPSG on the port

Caution If you only configure the ip verify source tracking [port-security] interface configuration command

on a port without enabling IP device tracking globally or setting an IP device tracking maximum on that

interface, IPSG with static hosts will reject all the IP traffic from that interface.

This issue also applies to IPSG with static hosts on a PVLAN host port.

This example shows how to enable IPSG for static hosts with IP filters on a Layer 2 access port and to

verify the three valid IP bindings on the interface Fa4/3:

Switch# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)# ip device tracking

Switch(config)# interface fastEthernet 4/3

Switch(config-if)# switchport mode access

Switch(config-if)# switchport access vlan 10

Switch(config-if)# ip device tracking maximum 5

Switch(config-if)# ip verify source tracking

Switch(config-if)# end

Switch# show ip verify source

Interface Filter-type Filter-mode IP-address Mac-address Vlan

--------- ----------- ----------- --------------- ----------------- ----

Fa4/3 ip trk active 40.1.1.24 10

Fa4/3 ip trk active 40.1.1.20 10

Fa4/3 ip trk active 40.1.1.21 10

The following example shows how to enable IPSG for static hosts with IP MAC filters on a Layer 2

access port, to verify the five valid IP-MAC bindings on the interface Fa4/3, and to verify that the number

of bindings on this interface has reached the maximum limit:

Switch# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)# ip device tracking

Step 12

Switch# show ip verify source interface-name

Verifies the configuration.

Step 13

Switch# show ip device track all

[active | inactive] count

Verifies the configuration by displaying the IP-to-MAC

binding for a given host on the switch interface.

• all active—Displays only the active IP-to-MAC

binding entries.

• all inactive—Displays only the inactive IP-to-MAC

binding entries.

• all—Displays the active and inactive IP-to-MAC

binding entries.

Command Purpose

Other manuals for Cisco Catalyst 4500 Series

Manual19 pages

Command Reference Guide1230 pages

System Message Guide150 pages

Configuration Guide1610 pages

Administration Guide1814 pages

Message Guide146 pages

Installation Guide194 pages

Datasheet11 pages

Overview46 pages

Quick Reference Guide59 pages

Questions and Answers:

Need help?

Do you have a question about the Cisco Catalyst 4500 Series and is the answer not in the manual?

Cisco Catalyst 4500 Series Specifications

General

Series	Catalyst 4500 Series
Category	Switch
Layer Support	Layer 2, Layer 3
Form Factor	Modular chassis
Stackable	No
Chassis Slots	3, 6, 7, 10
Power Supply Options	AC, DC
Redundancy	Power supply, Supervisor engine
Network Management	Cisco IOS Software CLI, SNMP, Cisco Prime Infrastructure
Features	Security, QoS
Port Density	Up to 384 ports per chassis
Security Features	802.1X, ACLs, DHCP Snooping, Dynamic ARP Inspection, IP Source Guard
Supervisor Engine	8-E