
Cisco Nexus 9000 Series - Licensing Requirements for IP Source Guard; Prerequisites for IP Source Guard; Guidelines and Limitations for IP Source Guard

Cisco Nexus 9000 Series
562 pages
The device permits the IP traffic when DHCP snooping adds a binding table entry for the IP address and MAC
address of an IP packet or when you have configured a static IP source entry.
The device drops IP packets when the IP address and MAC address of the packet do not have a binding table
entry or a static IP source entry. For example, assume that the show ip dhcp snooping binding command
displays the following binding table entry:
MacAddress         IpAddress   LeaseSec  Type           VLAN  Interface
-----------------  ----------  --------  -------------  ----  -----------
00:02:B3:3F:3B:99  10.5.5.2    6943      dhcp-snooping  10    Ethernet2/3
If the device receives an IP packet with an IP address of 10.5.5.2, IP Source Guard forwards the packet only
if the MAC address of the packet is 00:02:B3:3F:3B:99.
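
The forwarding rule above can be modelled offline against saved show ip dhcp snooping binding output, for example to check which hosts would lose connectivity before IP Source Guard is enabled. This is an added example, not Cisco code: the function names are hypothetical, the sample text is constructed from the entry above, and scoping each lookup to the binding's interface is a modelling assumption.

```python
import re

# Constructed sample: header lines plus the single binding row quoted in the text.
SAMPLE_OUTPUT = """\
MacAddress         IpAddress   LeaseSec  Type           VLAN  Interface
-----------------  ----------  --------  -------------  ----  -----------
00:02:B3:3F:3B:99  10.5.5.2    6943      dhcp-snooping  10    Ethernet2/3
"""

MAC_COLON = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")

def norm_mac(mac):
    """Reduce aa:bb:.., aa-bb-.. or aabb.ccdd.eeff notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_bindings(text):
    """Return {(interface, ip): mac}; header and separator lines are skipped."""
    bindings = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not MAC_COLON.fullmatch(fields[0]):
            continue
        mac, ip, _lease, _type, _vlan, intf = fields
        bindings[(intf, ip)] = norm_mac(mac)
    return bindings

def add_static(bindings, intf, ip, mac):
    """A static IP source entry is consulted the same way as a snooped binding."""
    bindings[(intf, ip)] = norm_mac(mac)

def ipsg_verdict(bindings, intf, src_ip, src_mac):
    """Permit only when the source IP has an entry and the source MAC matches it."""
    bound = bindings.get((intf, src_ip))   # assumption: lookup scoped per interface
    if bound is None:
        return "drop: no binding for source IP"
    if bound != norm_mac(src_mac):
        return "drop: source MAC does not match binding"
    return "permit"

if __name__ == "__main__":
    table = parse_bindings(SAMPLE_OUTPUT)
    print(ipsg_verdict(table, "Ethernet2/3", "10.5.5.2", "0002.b33f.3b99"))
    print(ipsg_verdict(table, "Ethernet2/3", "10.5.5.2", "00:02:B3:3F:3B:98"))
```
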
Licensing Requirements for IP Source Guard
This table shows the licensing requirements for IP Source Guard.
Product: Cisco NX-OS
License Requirement: IP Source Guard requires no license. Any feature not included in a license package is bundled
with the nx-os image and is provided at no extra charge to you. For an explanation of the
Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
Prerequisites for IP Source Guard
IP Source Guard has the following prerequisites:
• You must enable the DHCP feature and DHCP snooping before you can configure IP Source Guard. See
  Configuring DHCP, on page 327.
• You must configure the ACL TCAM region size for IP Source Guard using the hardware access-list
  tcam region ipsg command. See Configuring ACL TCAM Region Sizes, on page 240.
  Note: By default the ipsg region size is zero. You need to allocate enough entries to
  this region for storing and enforcing the SMAC-IP bindings.
Guidelines and Limitations for IP Source Guard
IP Source Guard has the following configuration guidelines and limitations:
• IP Source Guard limits IP traffic on an interface to only those sources that have an IP-MAC address
  binding table entry or static IP source entry. When you first enable IP Source Guard on an interface, you
  may experience disruption in IP traffic until the hosts on the interface receive a new IP address from a
  DHCP server.
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
406
Configuring IP Source Guard
Licensing Requirements for IP Source Guard
