784 Snooping and Inspecting Traffic
Configuring IP Source Guard
Beginning in Privileged EXEC mode, use the following commands to
configure IPSG settings on the switch.
Command Purpose
configure Enter global configuration mode.
interface
interface
Enter interface configuration mode for the specified port
or LAG. The
interface
variable includes the interface type
and number, for example tengigabitethernet 1/0/3. For a
LAG, the interface type is port-channel.
You can also specify a range of ports with the interface
range command, for example, interface range
tengigabitethernet 1/0/8-12 configures interfaces 8, 9, 10,
11, and 12.
ip verify source [port-
security]
Enable IPSG on the port or LAG to prevent packet
forwarding if the source IP address in the packet is not in
the DHCP snooping binding database. Use the option
port-security keyword to also prevent packet forwarding if
the sender MAC address is not in forwarding database
table or the DHCP snooping binding database. \
NOTE: To enforce filtering based on the source MAC
address, port security must also be enabled on the interface
by using the port security command in Interface
Configuration mode.
exit Exit to Global Config mode.
ip verify binding
mac_addr
vlan
vlan_id
ipaddr
interface
interface
Configure a static binding for IPSG.
exit Exit to Privileged EXEC mode.
show ip verify interface
interface
View IPSG parameters for a specific port or LAG. The
interface
parameter includes the interface type
(tengigabitethernet or port-channel) and number.
show ip verify source
[interface
interface
]
View IPSG bindings configured on the switch or on a
specific port or LAG.
show ip source binding View IPSG bindings.
To Next Page
Loading...
