Configuring IP Source Guard
How to Configure IP Source Guard
Configuring IP Source Guard for Static Hosts on a Layer 2 Access Port
Command                                       Purpose
4. exit                                       Returns to global configuration mode.
5. ip source binding mac-address vlan         Adds a static IP source binding.
   vlan-id ip-address interface interface-id  Enter this command for each static binding.
6. end                                        Returns to privileged EXEC mode.
Command                                       Purpose
1. configure terminal                         Enters global configuration mode.
2. ip device tracking                         Opens the IP host table, and globally enables IP device tracking.
3. interface interface-id                     Enters interface configuration mode.
4. switchport mode access                     Configures a port as access.
5. switchport access vlan vlan-id             Configures the VLAN for this port.
6. ip verify source tracking port-security    Enables IPSG for static hosts with MAC address filtering.
                                              Note: When you enable both IPSG and port security by using the
                                              ip verify source port-security interface configuration command:
                                              • The DHCP server must support option-82, or the client is not
                                                assigned an IP address.
                                              • The MAC address in the DHCP packet is not learned as a secure
                                                address. The MAC address of the DHCP client is learned as a
                                                secure address only when the switch receives non-DHCP data
                                                traffic.
7. ip device tracking maximum number          Specifies a maximum limit for the number of static IPs that the
                                              IP device tracking table allows on the port. The range is 1 to 10.
                                              The maximum number is 10.
                                              Note: You must configure the ip device tracking maximum
                                              limit-number interface configuration command.
8. switchport port-security                   (Optional) Activates port security for this port.
9. switchport port-security maximum value     (Optional) Specifies the maximum number of MAC addresses for
                                              this port.
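A way to check that access ports actually carry the static-host IPSG settings from the steps above. This is an added example, not part of the original guide or Cisco's tooling. It assumes the saved configuration lists the commands exactly as written in the table; the function name, interface names and sample configuration are constructed for illustration.

```python
import re

# Constructed sample configuration text (not taken from the original guide).
SAMPLE_CONFIG = """\
ip device tracking
!
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 ip verify source tracking port-security
 ip device tracking maximum 5
!
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 10
 ip device tracking maximum 12
!
interface GigabitEthernet0/3
 switchport mode trunk
!
"""

def audit_ipsg_static_hosts(config):
    """Return {scope: [findings]}; scope is 'global' or an access-port name."""
    findings, stanzas, current = {}, {}, None
    lines = [l.rstrip() for l in config.splitlines()]
    if "ip device tracking" not in lines:  # global command sits at column 0
        findings["global"] = ["ip device tracking is not enabled"]
    for line in lines:
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif line.startswith(" ") and current is not None:
            stanzas[current].append(line.strip())
        else:
            current = None  # '!' or any global command ends the stanza
    for name, cmds in stanzas.items():
        if "switchport mode access" not in cmds:
            continue  # the procedure applies to Layer 2 access ports only
        issues = []
        if "ip verify source tracking port-security" not in cmds:
            issues.append("ip verify source tracking port-security is missing")
        limits = [int(m.group(1)) for c in cmds
                  if (m := re.fullmatch(r"ip device tracking maximum (\d+)", c))]
        if not limits:
            issues.append("ip device tracking maximum is not set")
        elif not 1 <= limits[-1] <= 10:
            issues.append(f"ip device tracking maximum {limits[-1]} is outside 1 to 10")
        if issues:
            findings[name] = issues
    return findings
```

Run against the sample, it reports only GigabitEthernet0/2: the port has a tracking limit above the allowed range and no source-verification command, so static hosts on it are not filtered.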