C
HAPTER
25
| General Security Measures
IP Source Guard
– 686 –
COMMAND USAGE
◆ This command sets the maximum number of address entries that can
be mapped to an interface in the binding table, including both dynamic
entries discovered by DHCP snooping and static entries set by the ip
source-guard command.
EXAMPLE
This example sets the maximum number of allowed entries in the binding
table for port 5 to one entry.
Console(config)#interface ethernet 1/5
Console(config-if)#ip source-guard max-binding 1
Console(config-if)#
show ip source-
guard
This command shows whether source guard is enabled or disabled on each
interface.
COMMAND MODE
Privileged Exec
EXAMPLE
Console#show ip source-guard
Interface Filter-type Max-binding
--------- ----------- -----------
Eth 1/1 DISABLED 5
Eth 1/2 DISABLED 5
Eth 1/3 DISABLED 5
Eth 1/4 DISABLED 5
Eth 1/5 SIP 1
Eth 1/6 DISABLED 5
.
.
.
show ip source-
guard binding
This command shows the source guard binding table.
SYNTAX
show ip source-guard binding [dhcp-snooping | static]
dhcp-snooping - Shows dynamic entries configured with DHCP
Snooping commands (see page 673)
static - Shows static entries configured with the ip source-guard
binding command (see page 682).
COMMAND MODE
Privileged Exec
To Next Page
Loading...
