53-28
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
OL_28731-01
Chapter 53 Configuring DHCP Snooping, IP Source Guard, and IPSG for Static Hosts
Configuring IP Source Guard for Static Hosts
200.1.1.4 0001.0600.0000 8 GigabitEthernet3/1 INACTIVE
200.1.1.5 0001.0600.0000 8 GigabitEthernet3/1 INACTIVE
200.1.1.6 0001.0600.0000 8 GigabitEthernet3/1 INACTIVE
200.1.1.7 0001.0600.0000 8 GigabitEthernet3/1 INACTIVE
The following example display the count of all IP device tracking host entries for all interfaces:
Switch# show ip device tracking all count
Total IP Device Tracking Host entries: 5
---------------------------------------------------------------------
Interface Maximum Limit Number of Entries
---------------------------------------------------------------------
Fa4/3 5
Configuring IPSG for Static Hosts on a PVLAN Host Port
You can configure IPSG for static hosts on a PVLAN host port.
To enable IPSG for static hosts with IP filters on a PVLAN host port, perform this task:
This example shows how to enable IPSG for static hosts with IP filters on a PVLAN host port:
Switch(config)# vlan 200
Switch(config-vlan)# private-vlan primary
Switch(config-vlan)# exit
Switch(config)# vlan 201
Command Purpose
Step 1
Switch(config)# vlan n1
Enters configuration VLAN mode.
Step 2
Switch(config-vlan)# private-vlan primary
Establishes a primary VLAN on a PVLAN port.
Step 3
Switch(config-vlan)# exit
Exits VLAN configuration mode.
Step 4
Switch(config)# vlan n2
Enters configuration VLAN mode.
Step 5
Switch(config-vlan)# private-vlan isolated
Establishes an isolated VLAN on a PVLAN port.
Step 6
Switch(config-vlan)# exit
Exits VLAN configuration mode.
Step 7
Switch(config)# vlan n1
Enters configuration VLAN mode.
Step 8
Switch(config-vlan)# private-vlan association 201
Associates the VLAN on an isolated PVLAN port.
Step 9
Switch(config-vlan)# exit
Exits VLAN configuration mode.
Step 10
Switch(config)# interface fastEthernet a/b
Enters interface configuration mode.
Step 11
Switch(config-if)# switchport mode private-vlan
host
(Optional) Establishes a port as a PVLAN host.
Step 12
Switch(config-if)# switchport private-vlan
host-association a b
(Optional) Associates this port with the corresponding
PVLAN.
Step 13
Switch(config-if)# ip device tracking maximum n
Establishes a maximum limit for the bindings on this
port.
Step 14
Switch(config-if)# ip verify source tracking
[port-security]
Activates IPSG for static hosts on this port.
Step 15
Switch(config-if)# end
Exits configuration interface mode.
Step 16
Switch# show ip device tracking all
Verifies the configuration.
Step 17
Switch# show ip verify source interface-name
Verifies the configuration.
To Next Page
Loading...
