DGS-1510 Series Gigabit Ethernet SmartPro Switch CLI Reference Guide
307
35. IP Source Guard Commands
35-1 ip verify source vlan dhcp-snooping
This command is used to enable IP source guard for a port. Use the no form of this command to
disable IP source guard.
ip verify source vlan dhcp-snooping [ip-mac]
no ip verify source vlan dhcp-snooping [ip-mac]
Parameters
Default
By default, this option is disabled.
Command Mode
Interface Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
The command is available for physical port and port channel configuration. Use this command to
enable the IP source guard on the configured port.
When a port is enabled for IP source guard, the IP packet that arrives at the port will be validated via
the port ACL. Port ACL is a hardware mechanism and its entry can come from either a manual
configured entry or the DHCP snooping binding database. The packet that fails to pass the validation
will be dropped.
There are two types of validations.
If the option ip-mac is not specified, the validation is based on the source IP address and
VLAN check only.
If the option ip-mac is specified, the validation is based on the source MAC address, VLAN
and IP address.
Example
This example shows how to enable IP Source Guard for eth3/0/1.
Switch# configure terminal
Switch(config)# interface eth3/0/1
Switch(config-if)# ip verify source vlan dhcp-snooping
Switch(config-if)#
35-2 ip source binding
This command is used to create a static entry used for IP source guard. Use the no form of this
command to delete a static binding entry.
ip source binding MAC-ADDRESS vlan VLAN-ID IP-ADDRESS interface INTERFACE-ID [, | -]
no ip source binding MAC-ADDRESS vlan VLAN-ID IP-ADDRESS interface INTERFACE-ID [, |
-]
To Next Page
Loading...
Need help?
General
