21-18
Catalyst 3750 Switch Software Configuration Guide
78-16180-02
Chapter 21 Configuring DHCP Features and IP Source Guard
Configuring IP Source Guard
To disable IP source guard with source IP address filtering, use the no ip verify source interface
configuration command.
To delete a static IP source binding entry, use the no ip source binding ip-address mac-address vlan
vlan-id inteface interface-id interface configuration command.
This example shows how to enable IP source guard with source IP and MAC filtering on VLANs 10
and 11:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# ip verify source port-security
Switch(config-if)# exit
Switch(config)# ip source binding 0100.0022.0010 vlan 10 10.0.0.2 interface
gigabitethernet1/0/2
Switch(config)# ip source binding 0100.0230.0002 vlan 11 10.0.0.4 interface
gigabitethernet1/0/2
Switch(config)# end
Switch# show ip verify source
Interface Filter-type Filter-mode IP-address Mac-address Vlan
--------- ----------- ----------- --------------- -------------- ---------
gi1/0/2 ip-mac active 10.0.0.2 0100.0022.0010 10
gi1/0/2 ip-mac active 10.0.0.4 0100.0230.0002 11
Switch# show ip source binding
MacAddress IpAddress Lease(sec) Type VLAN Interface
-------------- --------------- ---------- ------------- ---- --------------------
01:00:00:22:00:10 10.0.0.2 infinite static 10 GigabitEthernet1/0/2
01:00:00:22:00:10 10.0.0.2 infinite static 10 GigabitEthernet1/0/2
01:00:02:30:00:02 10.0.0.9 10000 dhcp-snooping 10 GigabitEthernet1/0/3
Switch(config)# copy running-config startup-config
Step 8
show ip source binding [ip-address]
[mac-address] [dhcp-snooping | static]
[inteface interface-id] [vlan vlan-id]
Display the IP source bindings on the switch, on a specific VLAN, or on
a specific interface.
Step 9
copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
To Next Page
Loading...
Need help?
General