Configuration Guide Configuring IP Source Guard
The above-mentioned port can be a wired switching port, a layer-2 AP port or a layer-2 encapsulation sub-interface, or
a WLAN interface.
9.4 Configuration
Configuring IP Source Guard
(Mandatory) It is used to enable IP Source Guard.
Enables IP Source Guard on a port.
Configures a static binding.
Ip verify source exclude-vlan
Specifies an excluded VLAN for IP Source
Guard.
9.4.1 Configuring IP Source Guard
Configuration Effect
 Check the input IP packets and filter illegal packets.
Notes
 The enabling of IP Source Guard may affect forwarding of IP packets. In general, this function needs to be used in
combination with DHCP Snooping.
 IP Source Guard cannot be configured on DHCP Snooping trusted ports.
 IP Source Guard cannot be configured on global IP+MAC exclude ports.
 IP Source Guard can be configured only on wired exchange ports, Layer-2 AP ports, Layer-2 encapsulation
subinterfaces, and in WLAN mode. The function is configured in interface configuration mode in the case of wired
access and in WLAN security configuration mode in the case of wireless access.
 For fit APs in wired access mode, IP Source Guard needs to be enabled in ap-config all mode.
Configuration Steps
 Enable DHCP Snooping.
 Enable IP Source Guard.
Verification
Use the monitoring commands to display the address binding database of IP Source Guard.
Related Commands
 Enabling IP Source Guard on a Port
ip verify source [port-security]
port-security: Enable IP-MAC based filtering.
To Next Page
Loading...
Need help?
General
