Configuration Guide Configuring IP Source Guard
Interface configuration mode/WLAN security configuration mode
Detection of users based on IP address or both IP and MAC addresses can be realized by enabling IP
Source Guard for a port.
Configuring a Static Binding
ip source binding mac-address vlan vlan-id ip-address {interface interface-id |wlan wlan-id | ip-mac |
ip-only}
mac-address: The MAC address of a static binding
Vlan-id: The VLAN ID of a static binding
ip-address: The IP address of a static binding
interface-id: The Port ID (PID) of a static binding
wlan-id: WLAN ID of a static binding
ip-mac: IP-MAC based mode
ip-only: IP-based mode
Global configuration mode
Through this command, legitimate users can pass IP Source Guard detection instead of being controlled by
DHCP.
Specifying an Exception VLAN for IP Source Guard
ip verify source exclude-vlan vlan-id
vlan-id: A VLAN ID exempted from IP Source Guard on a port
Interface configuration mode/WLAN security configuration mode
By using this command, the specified VLANs under a port where IP Source Guard function is enabled can
be exempted from check and filtering.
Configuration Example
Enabling IP Source Guard on Port 1
Enable DHCP Snooping.
Enable IP Source Guard.
Ruijie(config)# interface GigabitEthernet 0/1
Ruijie(config-if-GigabitEthernet 0/1)# ip verify source
Ruijie(config-if-GigabitEthernet 0/1)# end
Ruijie(config)# wlansec 1
Ruijie(config-wlansec)# ip verify source port-security
Ruijie(config-wlansec)# end
To Next Page
Loading...
