Ip Source Guard Commands - Dell N1100-ON Reference Manual

IP Source Guard Commands

Dell EMC Networking N1100-ON/N1500/N2000/N2100-
ON/N3000/N3100-ON/N4000 Series Switches
IP Source Guard (IPSG) is a security feature that filters IP packets based on
source ID. The source ID may either be source IP address or a {source IP
address, source MAC address} pair. The network administrator configures
whether enforcement includes the source MAC address. The network
administrator can configure static authorized source IDs. The DHCP
Snooping binding database and static IPSG entries identify authorized source
IDs. IPSG may be enabled on physical and LAG ports. IPSG is disabled by
default.
If the network administrator enables IPSG on a port where DHCP snooping is
disabled or where DHCP snooping is enabled but the port is trusted, all IP
traffic received on that port is dropped depending upon the admin-
configured IPSG entries. IPSG cannot be enabled on a port-based routing
interface.
IPSG uses two enforcement mechanisms: the L2FDB to enforce the source
MAC address and ingress VLAN and an ingress classifier to enforce the source
IP address or {source IP, source MAC} pair.
Commands in this Section
This section explains the following commands:
ip verify source
ip verify binding
–
ip verify source
Use the ip verify source command in Interface Configuration mode to enable
filtering of IP packets from hosts which have not been assigned an IP address
via DHCP on the specified interface.
Use the no form of the command to enable unverified traffic to flow over the
interfaces.
show ip verify
show ip verify source
show ip source binding
Layer 2 Switching Commands
528