Chapter 9 | General Security Measures
IPv4 Source Guard
IPv4 Source Guard is a security feature that filters IPv4 traffic on network interfaces
based on manually configured entries in the IPv4 Source Guard table, or on dynamic
entries in the DHCPv4 Snooping table when DHCPv4 Snooping is enabled (see
“DHCPv4 Snooping” on page 330). IPv4 Source Guard can be used to prevent traffic
attacks in which a host tries to use the IPv4 address of a neighbor to access the
network. This section describes the commands used to configure IPv4 Source Guard.
ip source-guard binding
This command adds a static address to the source-guard binding table. Use the no
form to remove a static entry.
Syntax
ip source-guard binding [mode {acl | mac}] mac-address vlan vlan-id ip-address interface ethernet unit/port-list
no ip source-guard binding [mode {acl | mac}] mac-address vlan vlan-id
mode - Specifies the binding mode.
  acl - Adds the binding to the ACL table.
  mac - Adds the binding to the MAC address table.
mac-address - A valid unicast MAC address.
vlan-id - ID of a configured VLAN for an ACL filtering table, or a range of VLANs for a MAC address filtering table. To specify a list, separate nonconsecutive VLAN identifiers with a comma and no spaces; use a hyphen to designate a range of IDs. (Range: 1-4094)
ip-address - A valid unicast IP address, including classful types A, B or C.
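The parameter rules above can be checked before a binding is pushed to a switch. The following Python lint is an added example, not part of the original manual or the switch firmware; the accepted MAC notation (hyphen- or colon-separated hex pairs) is an assumption, and unit/port-list is treated as an opaque token because its format is not described here.

```python
import ipaddress
import re

# MAC notation (hyphen- or colon-separated hex pairs) is an assumption; the page
# only requires "a valid unicast MAC address".
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}([-:][0-9A-Fa-f]{2}){5}")
CMD_RE = re.compile(
    r"ip source-guard binding(?: mode (?P<mode>acl|mac))? (?P<mac>\S+) "
    r"vlan (?P<vlan>\S+) (?P<ip>\S+) interface ethernet (?P<ports>\S+)")

def expand_vlans(spec):
    """Expand a list such as '10,20-22' (commas, hyphen ranges, no spaces)."""
    ids = []
    for part in spec.split(","):
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", part)
        if not m:
            raise ValueError(f"bad VLAN list element {part!r}")
        lo, hi = int(m[1]), int(m[2] or m[1])
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"VLAN {part!r} outside 1-4094")
        ids.extend(range(lo, hi + 1))
    return ids

def check_binding(line):
    """Return the problems found in one binding command (empty list if clean)."""
    m = CMD_RE.fullmatch(" ".join(line.split()))
    if not m:
        return ["does not match the documented syntax"]
    problems = []
    if not MAC_RE.fullmatch(m["mac"]):
        problems.append("malformed MAC address")
    elif int(m["mac"][:2], 16) & 1:  # I/G bit set: multicast or broadcast
        problems.append("MAC address is not unicast")
    try:
        vlans = expand_vlans(m["vlan"])
        if m["mode"] == "acl" and len(vlans) != 1:
            problems.append("ACL mode takes a single VLAN ID")
    except ValueError as exc:
        problems.append(str(exc))
    try:
        first_octet = ipaddress.IPv4Address(m["ip"]).packed[0]
        if not 1 <= first_octet <= 223:  # classes A-C; 224 and up is class D/E
            problems.append("IP address is not class A, B or C unicast")
    except ValueError:
        problems.append("malformed IPv4 address")
    return problems

if __name__ == "__main__":  # constructed sample line, not from a real configuration
    cmd = "ip source-guard binding mode acl 01-00-5e-00-00-01 vlan 1-3 224.0.0.5 interface ethernet 1/5"
    print(check_binding(cmd))
```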
Table 61: IPv4 Source Guard Commands

| Command | Function | Mode |
|---|---|---|
| ip source-guard binding | Adds a static address to the source-guard binding table | GC |
| ip source-guard | Configures the switch to filter inbound traffic based on source IP address, or source IP address and corresponding MAC address | IC |
| ip source-guard max-binding | Sets the maximum number of entries that can be bound to an interface | IC |
| ip source-guard mode | Sets the source-guard learning mode to search for addresses in the ACL binding table or the MAC address binding table | IC |
| clear ip source-guard binding blocked | Remove all blocked records | PE |
| show ip source-guard | Shows whether source guard is enabled or disabled on each interface | PE |
| show ip source-guard binding | Shows the source guard binding table | PE |