CHAPTER 25 | General Security Measures
IPv4 Source Guard
– 919 –
2001:b000::1 2591912 1 Eth 1/3 NA
Console#
show ipv6 dhcp snooping statistics
This command shows statistics for DHCPv6 snooping client, server and
relay packets.
COMMAND MODE
Privileged Exec
EXAMPLE
Console#show ipv6 dhcp snooping statistics
DHCPv6 Snooping Statistics:
Client Packet: Solicit, Request, Confirm, Renew, Rebind,
Decline, Release, Information-request
Server Packet: Advertise, Reply, Reconfigure
Relay Packet: Relay-forward, Relay-reply
State    Client   Server   Relay    Total
-------- -------- -------- -------- --------
Received       10        9        0       19
Sent            9        9        0       18
Droped          1        0        0        1
Console#
IPV4 SOURCE GUARD
IP Source Guard is a security feature that filters IPv4 traffic on network
interfaces based on manually configured entries in the IPv4 Source Guard
table, or dynamic entries in the DHCPv4 Snooping table when enabled (see
"DHCPv4 Snooping" on page 899). IPv4 source guard can be used to
prevent traffic attacks caused when a host tries to use the IPv4 address of
a neighbor to access the network. This section describes commands used
to configure IPv4 Source Guard.
Table 95: IPv4 Source Guard Commands
Command                                Function                                                 Mode
-------------------------------------  -------------------------------------------------------  ----
ip source-guard binding                Adds a static address to the source-guard binding table  GC
ip source-guard                        Configures the switch to filter inbound traffic based    IC
                                       on source IP address, or source IP address and
                                       corresponding MAC address
ip source-guard max-binding            Sets the maximum number of entries that can be bound     IC
                                       to an interface
ip source-guard mode                   Sets the source-guard learning mode to search for        IC
                                       addresses in the ACL binding table or the MAC address
                                       binding table
clear ip source-guard binding blocked  Remove all blocked records                               IC
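The following is an added illustration, not code from this manual or the switch firmware: a simplified Python model of the filtering described in this section, showing how a static entry and a DHCP-snooping entry are checked per ingress port, and how matching on source IP only differs from matching on source IP and MAC. The class and function names, the addresses, MACs and port assignments are all constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    ip: str
    mac: str
    port: str
    origin: str  # "static" (manual entry) or "dhcp-snooping" (learned)

class SourceGuard:
    """Simplified model of the filter; not the switch's implementation."""

    def __init__(self, check_mac):
        # check_mac=False: match source IP only; True: source IP and MAC.
        self.check_mac = check_mac
        self.table = []

    def bind(self, ip, mac, port, origin="static"):
        self.table.append(Binding(ip, mac.lower(), port, origin))

    def permits(self, port, src_ip, src_mac):
        """Forward only if a binding on the ingress port matches the frame."""
        for b in self.table:
            if b.port == port and b.ip == src_ip:
                if not self.check_mac or b.mac == src_mac.lower():
                    return True
        return False  # no matching binding on this port: drop

# Constructed sample data (documentation addresses, made-up MACs and ports).
FRAMES = [
    ("Eth 1/3", "192.0.2.10", "00:00:5e:00:53:0a"),  # host A, legitimate
    ("Eth 1/4", "192.0.2.20", "00:00:5e:00:53:14"),  # host B, legitimate
    ("Eth 1/4", "192.0.2.10", "00:00:5e:00:53:14"),  # B using A's address
    ("Eth 1/3", "192.0.2.10", "00:00:5e:00:53:ff"),  # A's IP, unknown MAC
]

def verdicts(check_mac):
    guard = SourceGuard(check_mac)
    guard.bind("192.0.2.10", "00:00:5E:00:53:0A", "Eth 1/3")  # static entry
    guard.bind("192.0.2.20", "00:00:5e:00:53:14", "Eth 1/4", "dhcp-snooping")
    return [guard.permits(*frame) for frame in FRAMES]

if __name__ == "__main__":
    for label, mode in (("IP only", False), ("IP + MAC", True)):
        print(label, verdicts(mode))
```

In both modes the frame from Eth 1/4 carrying the neighbor's address is dropped; only the IP and MAC mode also drops the frame that reuses a bound IP from an unknown MAC on the correct port.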