Configuration Guide Configuring IP Source Guard
Interface configuration mode/WLAN security configuration mode
Detection of users based on IP address or both IP and MAC addresses can be realized by enabling IP
Source Guard for a port.
 Configuring a Static Binding
ip source binding mac-address vlan vlan-id ip-address {interface interface-id |wlan wlan-id | ip-mac |
ip-only}
mac-address: The MAC address of a static binding
Vlan-id: The VLAN ID of a static binding
ip-address: The IP address of a static binding
interface-id: The Port ID (PID) of a static binding
wlan-id: WLAN ID of a static binding
ip-mac: IP-MAC based mode
ip-only: IP-based mode
Global configuration mode
Through this command, legitimate users can pass IP Source Guard detection instead of being controlled by
DHCP.
 Specifying an Exception VLAN for IP Source Guard
ip verify source exclude-vlan vlan-id
vlan-id: A VLAN ID exempted from IP Source Guard on a port
Interface configuration mode/WLAN security configuration mode
By using this command, the specified VLANs under a port where IP Source Guard function is enabled can
be exempted from check and filtering.
Configuration Example
 Enabling IP Source Guard on Port 1
 Enable DHCP Snooping.
 Enable IP Source Guard.
Ruijie(config)# interface GigabitEthernet 0/1
Ruijie(config-if-GigabitEthernet 0/1)# ip verify source
Ruijie(config-if-GigabitEthernet 0/1)# end
Ruijie(config)# wlansec 1
Ruijie(config-wlansec)# ip verify source port-security
Ruijie(config-wlansec)# end
To Next Page
Loading...
Need help?
General
