Chapter 9 | General Security Measures
IPv4 Source Guard
ip source-guard max-binding
This command sets the maximum number of entries that can be bound to an
interface. Use the no form to restore the default setting.
Syntax
ip source-guard [mode {acl | mac}] max-binding number
no ip source-guard [mode {acl | mac}] max-binding
mode - Specifies the learning mode.
acl - Searches for addresses in the ACL table.
mac - Searches for addresses in the MAC address table.
number - The maximum number of IP addresses that can be mapped to an
interface in the binding table. (Range: 1-5 for ACL mode; 1-32 for MAC
mode)
Default Setting
Mode: ACL, Maximum Binding: 5
Mode: MAC, Maximum Binding: 16
Command Mode
Interface Configuration (Ethernet)
Command Usage
◆ This command sets the maximum number of address entries that can be
mapped to an interface in the binding table for the specified mode (ACL
binding table or MAC address table) including dynamic entries discovered by
DHCP snooping and static entries set by the ip source-guard command.
◆ The maximum binding for ACL mode restricts the number of “active” entries
per port. If binding entries exceed the maximum number in IP source guard,
only the maximum number of binding entries will be set. Dynamic binding
entries exceeding the maximum number will be created but will not be active.
◆ The maximum binding for MAC mode restricts the number of MAC addresses
learned per port. Authenticated IP traffic with different source MAC addresses
cannot be learned if it would exceed this maximum number.
Example
This example sets the maximum number of allowed entries in the binding table for
port 5 to one entry. The mode is not specified, and therefore defaults to the ACL
binding table.
Console(config)#interface ethernet 1/5
Console(config-if)#ip source-guard max-binding 1
Console(config-if)#
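The following Python script audits a configuration excerpt against the syntax, ranges and defaults documented above and reports the effective max-binding per port and mode. It is an added example, not part of the original manual or vendor code; the flat "interface ethernet ..." stanza layout of the input, the function name audit and the sample text are assumptions.

```python
import re

RANGES = {"acl": (1, 5), "mac": (1, 32)}  # valid ranges per mode, from this reference
DEFAULTS = {"acl": 5, "mac": 16}          # default limits per mode, from this reference
IFACE_RE = re.compile(r"^interface\s+(?:ethernet\s+(\S+))?")
CMD_RE = re.compile(
    r"^(no\s+)?ip source-guard(?:\s+mode\s+(acl|mac))?\s+max-binding(?:\s+(\S+))?$")

def audit(config_text):
    """Return ({port: {mode: limit}}, [problems]) for a config excerpt."""
    limits, problems, port = {}, [], None
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        iface = IFACE_RE.match(line)
        if iface:
            port = iface.group(1)  # None for non-Ethernet interfaces
            if port:
                limits.setdefault(port, dict(DEFAULTS))
            continue
        cmd = CMD_RE.match(line)
        if not cmd:
            continue
        # Mode is optional and defaults to the ACL binding table.
        negate, mode, number = cmd.group(1), cmd.group(2) or "acl", cmd.group(3)
        lo, hi = RANGES[mode]
        if port is None:
            problems.append(f"line {lineno}: not in an Ethernet interface context")
        elif negate and number is None:
            limits[port][mode] = DEFAULTS[mode]  # "no" form restores the default
        elif negate or number is None or not number.isdigit():
            problems.append(f"line {lineno}: malformed max-binding command")
        elif lo <= int(number) <= hi:
            limits[port][mode] = int(number)
        else:
            problems.append(f"line {lineno}: {number} outside {lo}-{hi} for {mode} mode")
    return limits, problems

# Constructed sample input, not taken from a real device.
SAMPLE = """\
interface ethernet 1/5
 ip source-guard max-binding 1
interface ethernet 1/6
 ip source-guard mode mac max-binding 8
interface ethernet 1/7
 ip source-guard mode acl max-binding 9
 ip source-guard mode mac max-binding 4
 no ip source-guard mode mac max-binding
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```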