Chapter 8
| General Security Measures
IP Source Guard
– 254 –
Command Usage
This command sets the maximum number of address entries that can be mapped
to an interface in the binding table, including both dynamic entries discovered by
DHCP snooping and static entries set by the ip source-guard command.
Example
This example sets the maximum number of allowed entries in the binding table for
port 5 to one entry.
Console(config)#interface ethernet 1/5
Console(config-if)#ip source-guard max-binding 1
Console(config-if)#
show ip source-guard This command shows whether source guard is enabled or disabled on each
interface.
Command Mode
Privileged Exec
Example
Console#show ip source-guard
Interface Filter-type Max-binding
--------- ----------- -----------
Eth 1/1 DISABLED 5
Eth 1/2 DISABLED 5
Eth 1/3 DISABLED 5
Eth 1/4 DISABLED 5
Eth 1/5 SIP 1
Eth 1/6 DISABLED 5
.
.
.
show ip source-guard
binding
This command shows the source guard binding table.
Syntax
show ip source-guard binding [dhcp-snooping | static]
dhcp-snooping - Shows dynamic entries configured with DHCP Snooping
commands (see page 242)
static - Shows static entries configured with the ip source-guard binding
command (see page 250).
Command Mode
Privileged Exec
To Next Page
Loading...
