121
Static IPv4 source guard configuration example
Network requirements
As shown in Figure 40, all hosts use static IP addresses.
Configure static IPv4 source guard entries on Device A and Device B to meet the following
requirements:
• GigabitEthernet 1/0/2 of Device A allows only IP packets from Host C to pass.
• GigabitEthernet 1/0/1 of Device A allows only IP packets from Host A to pass.
• GigabitEthernet 1/0/2 of Device B allow only IP packets from Host A to pass.
• GigabitEthernet 1/0/1 of Device B allows only IP packets from Host B to pass.
Figure 40 Network diagram
Configuration procedure
1. Configure Device A:
a. Configure IP addresses for the interfaces. (Details not shown.)
b. From the navigation tree, select Security > Packet Filter > IP Source Guard.
c. Add an IP source guard entry for Host A.
The entry contains interface GigabitEthernet 1/0/1, IP address 192.168.0.1, and MAC
address 00-01-02-03-04-06.
d. Add an IP source guard entry for Host C.
The entry contains interface GigabitEthernet 1/0/2, IP address 192.168.0.3, and MAC
address 00-01-02-03-04-05.
2. Configure Device B:
a. Configure IP addresses for the interfaces. (Details not shown.)
b. From the navigation tree, select Security > Packet Filter > IP Source Guard.
c. Add an IP source guard entry for Host B.
The entry contains interface GigabitEthernet 1/0/1, IP address 192.168.0.2, and MAC
address 00-01-02-03-04-07.
d. Add an IP source guard entry for Host A.
The entry contains interface GigabitEthernet 1/0/2, IP address 192.168.0.1, and MAC
address 00-01-02-03-04-06.
Verifying the configuration
1. From the navigation tree, select Security > Packet Filter > IP Source Guard on Device A.
2. Verify that the static IPv4 source guard entries are configured successfully on the IP source
guard configuration page.
IP: 192.168.0.3/24
MAC : 0001-0203-0405
IP: 192.168.0.1/24
MAC: 0001-0203-0406
Host A
IP: 192.168.0.2/24
MAC: 0001-0203-0407
Host B
Host C
GE1/0/2
GE1/0/1
GE1/0/2
GE1/0/1
Device A
Device B
To Next Page
Loading...
