60-27
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 60 Configuring DHCP Snooping, IP Source Guard, and IPSG for Static Hosts
Configuring IP Source Guard for Static Hosts
Switch(config)# interface fastEthernet 4/3
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 1
Switch(config-if)# ip device tracking maximum 5
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 5
Switch(config-if)# ip verify source tracking port-security
Switch(config-if)# end
Switch# show ip verify source
Interface Filter-type Filter-mode IP-address Mac-address Vlan
--------- ----------- ----------- --------------- ----------------- ----
Fa4/3 ip-mac trk active 40.1.1.24 00:00:00:00:03:04 1
Fa4/3 ip-mac trk active 40.1.1.20 00:00:00:00:03:05 1
Fa4/3 ip-mac trk active 40.1.1.21 00:00:00:00:03:06 1
Fa4/3 ip-mac trk active 40.1.1.22 00:00:00:00:03:07 1
Fa4/3 ip-mac trk active 40.1.1.23 00:00:00:00:03:08 1
The following example displays all IP-to-MAC binding entries for all interfaces. The CLI displays all
active as well as inactive entries. When a host is learned on a interface, the new entry is marked as active.
When the same host is disconnected from the current interface and connected to a different interface, a
new IP-to-MAC binding entry is displayed as active as soon as the host is detected. The old entry for this
host on the previous interface is now marked as inactive.
Switch# show ip device tracking all
IP Device Tracking = Enabled
IP Device Tracking Probe Count = 3
IP Device Tracking Probe Interval = 30
---------------------------------------------------------------------
IP Address MAC Address Vlan Interface STATE
---------------------------------------------------------------------
200.1.1.8 0001.0600.0000 8 GigabitEthernet3/1 INACTIVE
200.1.1.9 0001.0600.0000 8 GigabitEthernet3/1 INACTIVE
200.1.1.10 0001.0600.0000 8 GigabitEthernet3/1 INACTIVE
200.1.1.1 0001.0600.0000 9 GigabitEthernet4/1 ACTIVE
200.1.1.1 0001.0600.0000 8 GigabitEthernet3/1 INACTIVE
200.1.1.2 0001.0600.0000 9 GigabitEthernet4/1 ACTIVE
200.1.1.2 0001.0600.0000 8 GigabitEthernet3/1 INACTIVE
200.1.1.3 0001.0600.0000 9 GigabitEthernet4/1 ACTIVE
200.1.1.3 0001.0600.0000 8 GigabitEthernet3/1 INACTIVE
200.1.1.4 0001.0600.0000 9 GigabitEthernet4/1 ACTIVE
200.1.1.4 0001.0600.0000 8 GigabitEthernet3/1 INACTIVE
200.1.1.5 0001.0600.0000 9 GigabitEthernet4/1 ACTIVE
200.1.1.5 0001.0600.0000 8 GigabitEthernet3/1 INACTIVE
200.1.1.6 0001.0600.0000 8 GigabitEthernet3/1 INACTIVE
200.1.1.7 0001.0600.0000 8 GigabitEthernet3/1 INACTIVE
The following example displays all active IP-to-MAC binding entries for all interfaces:
Switch# show ip device tracking all active
IP Device Tracking = Enabled
IP Device Tracking Probe Count = 3
IP Device Tracking Probe Interval = 30
---------------------------------------------------------------------
IP Address MAC Address Vlan Interface STATE
---------------------------------------------------------------------
200.1.1.1 0001.0600.0000 9 GigabitEthernet4/1 ACTIVE
200.1.1.2 0001.0600.0000 9 GigabitEthernet4/1 ACTIVE
200.1.1.3 0001.0600.0000 9 GigabitEthernet4/1 ACTIVE
200.1.1.4 0001.0600.0000 9 GigabitEthernet4/1 ACTIVE
200.1.1.5 0001.0600.0000 9 GigabitEthernet4/1 ACTIVE
To Next Page
Loading...
Need help?
General
