Configuring DHCP Snooping, IP Source Guard,
and IPSG for Static Hosts
This chapter describes how to configure Dynamic Host Configuration Protocol (DHCP) snooping, IP
source guard, and IP source guard (IPSG) for static hosts on Catalyst 4500 series switches. It provides
guidelines, procedures, and configuration examples.
This chapter consists of the following major sections:
•
•
•
•
•
•
•
For complete syntax and usage information for the switch commands used in this chapter, see the Cisco
Note
Catalyst 4500 Series Switch Command Reference and related publications at this location:
http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html
If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the
Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location:
http://www.cisco.com/en/US/products/ps6350/index.html
About DHCP Snooping
DHCP snooping is a DHCP security feature that provides security by filtering untrusted DHCP messages
and by building and maintaining a DHCP snooping binding table. An untrusted message is a message
that is received from outside the network or firewall and that can cause traffic attacks within your
network.
OL_28731-01
About DHCP Snooping, page 53-1
Configuring DHCP Snooping, page 53-6
Displaying DHCP Snooping Information, page 53-18
Displaying IP Source Binding Information, page 53-23
Configuring IP Source Guard, page 53-20
Displaying IP Source Binding Information, page 53-23
Configuring IP Source Guard for Static Hosts, page 53-24
C H A P T E R
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
53
53-1