MES1000, MES2000 Ethernet Switches 183
[gigabitethernet gi_port |
fastethernet fa_port | port-
channel group]
Example execution of commands
Enable DHCP Option 82 utilization.
console# configure
console(config)# ip dhcp relay enable
console(config)# ip dhcp information option
Show all matches from the DHCP management file (database).
console# show ip dhcp snooping
DHCP snooping is Enabled
DHCP snooping is configured on following VLANs: 40
DHCP snooping database is Disabled
Relay agent Information option 82 is Disabled
Option 82 on untrusted port is forbidden
Verification of hwaddr field is Enabled
DHCP snooping file update frequency is configured to: 1200 seconds
Interface Trusted
----------- ------------
gi1/0/1 Yes
5.27.4 Client IP address protection (IP-source Guard)
IP address protection function (IP Source Guard) allows to filter the traffic received from the
interface based on DHCP snooping match table and IP Source Guard static matches. Thus, IP Source Guard
eliminates IP address spoofing in packets.
Given that the IP address protection function uses DHCP snooping match tables, it is worth
using this function with DHCP snooping pre-configured and enabled.
Global configuration mode commands
Command line request in global configuration mode appears as follows:
console(config)#
Table 5.215 —Global configuration mode commands
Function is disabled by
default.
Enable client IP address protection function for the whole
switch.
Disable client IP address protection function for the whole
switch.
ip source-guard binding
mac_address vlan_id
ip_address
{gigabitethernet gi_port |
fastethernet fa_port |
port-channel group}
gi_port: (1..3/0/1..28);
fa_port: (1..3/0/1..24);
vlan_id: (1..4094);
group: (1..8)
Create static record in the match table for the client IP
address, its MAC address and VLAN group for the selected
interface in the command.
no ip source-guard binding
mac_address vlan_id
Remove static record from the match table.
To Next Page
Loading...
Need help?
General
