C
HAPTER
25
| General Security Measures
IPv4 Source Guard
– 920 –
ip source-guard
binding
This command adds a static address to the source-guard ACL or MAC
address binding table. Use the no form to remove a static entry.
SYNTAX
ip source-guard binding [mode {acl | mac}] mac-address
vlan vlan-id ip-address interface ethernet unit/port
no ip source-guard binding [mode {acl | mac}] mac-address
vlan vlan-id
mode - Specifies the binding mode.
acl - Adds binding to ACL table.
mac - Adds binding to MAC address
mac-address - A valid unicast MAC address.
vlan-id - ID of a configured VLAN (Range: 1-4094)
ip-address - A valid unicast IP address, including classful types A, B
or C.
unit - Unit identifier. (Range: 1)
port - Port number. (Range: 1-28)
DEFAULT SETTING
No configured entries
COMMAND MODE
Global Configuration
COMMAND USAGE
◆ If the binding mode is not specified in this command, the entry is bound
to the ACL table by default.
◆ Table entries include a MAC address, IP address, lease time, entry type
(Static-IP-SG-Binding, Dynamic-DHCP-Binding), VLAN identifier, and
port identifier.
◆ All static entries are configured with an infinite lease time, which is
indicated with a value of zero by the show ip source-guard command
(page 925).
◆ When source guard is enabled, traffic is filtered based upon dynamic
entries learned via DHCP snooping, or static addresses configured in
the source guard binding table with this command.
show ip source-guard Shows whether source guard is enabled or disabled
on each interface
PE
show ip source-guard
binding
Shows the source guard binding table PE, NE
Table 95: IPv4 Source Guard Commands (Continued)
Command Function Mode
To Next Page
Loading...
