Name: Cisco Catalyst 4500 Series
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

50-21

Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG

OL-25340-01

Chapter 50 Configuring DHCP Snooping, IP Source Guard, and IPSG for Static Hosts

Configuring IP Source Guard

If you want to stop IP source guard with static hosts on an interface, use the following commands in

interface configuration submode:

Switch(config-if)# no ip verify source

Switch(config-if)# no ip device tracking max

If the no ip device tracking command is used in interface configuration submode, it actually runs in

global configuration mode and causes IP device tracking to be disabled globally. Disabling IP device

tracking globally causes IP source guard with static hosts to deny all IP traffic on interfaces using the ip

verify source tracking [port-security] command.

Note The static IP source binding can only be configured on switch port. If you enter the

ip source binding vlan interface command on a Layer 3 port, you receive this error message:

Static IP source binding can only be configured on switch port.

This example shows how to enable per-Layer 2 port IP source guard on VLAN 10 through 20:

Switch# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)# ip dhcp snooping

Switch(config)# ip dhcp snooping vlan 10 20

Switch(config)# interface fa6/1

Switch(config-if)# switchport trunk encapsulation dot1q

Switch(config-if)# switchport mode trunk

Switch(config-if)# switchport trunk native vlan 10

Switch(config-if)# switchport trunk allowed vlan 11-20

Switch(config-if)# no ip dhcp snooping trust

Switch(config-if)# ip verify source vlan dhcp-snooping

Switch(config)# end

Step 3

Switch(config-if)# no ip dhcp snooping trust

Configures the interface as trusted or untrusted.

You can use the no keyword of to configure an interface

to receive only messages from within the network.

Step 4

Switch(config-if)# ip verify source vlan

dhcp-snooping port-security

Enables IP source guard, source IP, and source MAC

address filtering on the port.

Step 5

Switch(config-if)# switchport port-security limit

rate invalid-source-mac N

Enables security rate limiting for learned source MAC

addresses on the port.

Note This limit only applies to the port where IP

source guard is enabled as filtering both IP and

MAC addresses.

Step 6

Switch(config)# ip source binding mac-address

Vlan vlan-id ip-address interface interface-name

Configures a static IP binding on the port.

Step 7

Switch(config)# end

Exits configuration mode.

Step 8

Switch# show ip verify source interface

interface-name

Verifies the configuration.

Command Purpose

Other manuals for Cisco Catalyst 4500 Series

Manual19 pages

Command Reference Guide1230 pages

System Message Guide150 pages

Administration Guide1814 pages

Software Configuration Guide2086 pages

Message Guide146 pages

Installation Guide194 pages

Datasheet11 pages

Overview46 pages

Quick Reference Guide59 pages

Questions and Answers:

Need help?

Do you have a question about the Cisco Catalyst 4500 Series and is the answer not in the manual?

Cisco Catalyst 4500 Series Specifications

General

Series	Catalyst 4500 Series
Category	Switch
Layer Support	Layer 2, Layer 3
Form Factor	Modular chassis
Stackable	No
Chassis Slots	3, 6, 7, 10
Power Supply Options	AC, DC
Redundancy	Power supply, Supervisor engine
Network Management	Cisco IOS Software CLI, SNMP, Cisco Prime Infrastructure
Features	Security, QoS
Port Density	Up to 384 ports per chassis
Security Features	802.1X, ACLs, DHCP Snooping, Dynamic ARP Inspection, IP Source Guard
Supervisor Engine	8-E