Chapter 9 | General Security Measures
IPv4 Source Guard
ip source-guard max-binding
This command sets the maximum number of entries that can be bound to an
interface. Use the no form to restore the default setting.
Syntax
ip source-guard [mode {acl | mac}] max-binding number
no ip source-guard [mode {acl | mac}] max-binding
mode - Specifies the learning mode.
acl - Searches for addresses in the ACL table.
mac - Searches for addresses in the MAC address table.
number - The maximum number of IP addresses that can be mapped to an
interface in the binding table. (Range: 1-16 for ACL mode; 1-1024 for MAC
mode)
Default Setting
5
Command Mode
Interface Configuration (Ethernet)
Command Usage
This command sets the maximum number of address entries that can be mapped
to an interface in the binding table, including both dynamic entries discovered by
DHCP snooping and static entries set by the ip source-guard command.
Example
This example sets the maximum number of allowed entries in the binding table for
port 5 to one entry. The mode is not specified, and therefore defaults to the ACL
binding table.
Console(config)#interface ethernet 1/5
Console(config-if)#ip source-guard max-binding 1
Console(config-if)#
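The following is an added example, not part of the original manual or the vendor's software: a small audit script that checks max-binding lines in a saved configuration against the ranges, default mode and default value given above. It assumes the saved configuration lists commands in the same form as they are typed, and that the default of 5 applies to each mode separately; the sample configuration and all function and variable names are constructed for illustration.

```python
import re

# Ranges, default limit and default mode come from the command reference above.
RANGES = {"acl": (1, 16), "mac": (1, 1024)}
DEFAULT_MODE, DEFAULT_MAX = "acl", 5  # assumption: the default of 5 applies to each mode
IFACE = re.compile(r"interface ethernet (\S+)$")
BIND = re.compile(r"(no )?ip source-guard(?: mode (acl|mac))? max-binding(?: (\S+))?$")

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
interface ethernet 1/5
 ip source-guard max-binding 1
interface ethernet 1/6
 ip source-guard mode mac max-binding 2048
interface ethernet 1/7
 ip source-guard mode acl max-binding 16
 no ip source-guard mode acl max-binding
interface ethernet 1/8
 ip source-guard max-binding 17
"""

def audit(config_text):
    """Return ({port: {mode: limit}}, [(line_no, message)]) for max-binding lines."""
    limits, errors, port = {}, [], None
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("interface "):
            m = IFACE.match(line)
            port = m.group(1) if m else None  # command mode is Ethernet interfaces only
            if port:
                limits.setdefault(port, {mode: DEFAULT_MAX for mode in RANGES})
            continue
        m = BIND.match(line)
        if not m:
            continue
        negated, mode, number = m.group(1), m.group(2) or DEFAULT_MODE, m.group(3)
        low, high = RANGES[mode]
        if port is None:
            errors.append((line_no, "max-binding outside an Ethernet interface"))
        elif negated and number is None:
            limits[port][mode] = DEFAULT_MAX  # the no form restores the default
        elif negated or number is None or not number.isdigit() or not low <= int(number) <= high:
            errors.append((line_no, f"invalid max-binding for {mode} mode ({low}-{high}): {line}"))
        else:
            limits[port][mode] = int(number)
    return limits, errors

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Rejected lines leave the previous limit in place, so the reported limits are the values that would remain in effect if the switch refused the out-of-range command.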
ip source-guard mode
This command sets the source-guard learning mode to search for addresses in the
ACL binding table or the MAC address binding table. Use the no form to restore the
default setting.
Syntax
ip source-guard mode {acl | mac}
no ip source-guard mode
mode - Specifies the learning mode.
acl - Searches for addresses in the ACL binding table.
mac - Searches for addresses in the MAC address binding table.