Cisco Catalyst 4500 series Administration Manual page 1402


Configuring IP Source Guard for Static Hosts
To stop IPSG with static hosts on an interface, use the following commands in interface configuration submode:
Switch(config-if)# no ip verify source
Switch(config-if)# no ip device tracking max
To enable IPSG with static hosts on a port, enter the following commands:
Switch(config)# ip device tracking ****enable IP device tracking globally
Switch(config-if)# ip device tracking max <n> ****set an IP device tracking maximum on int
Switch(config-if)# ip verify source tracking [port-security] ****activate IPSG on the port
Caution
If you only configure the ip verify source tracking [port-security] interface configuration command
on a port without enabling IP device tracking globally or setting an IP device tracking maximum on that
interface, IPSG with static hosts will reject all the IP traffic from that interface.
This issue also applies to IPSG with static hosts on a PVLAN host port.
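
The condition in the Caution can be checked offline against a saved configuration before a change is deployed. The following is an added example, not taken from the Cisco guide: it scans running-config text for ports that have `ip verify source tracking` but lack either prerequisite. The function name, the constructed sample config and the assumption that interface sub-commands are indented by a space (as in `show running-config` output) are this example's own.

```python
import re

# Constructed sample in "show running-config" layout (not from the manual).
SAMPLE_CONFIG = """\
ip device tracking
!
interface FastEthernet4/3
 ip device tracking maximum 5
 ip verify source tracking
!
interface FastEthernet4/4
 ip verify source tracking port-security
!
"""

TRACK_GLOBAL = re.compile(r"ip device tracking$")
TRACK_MAX = re.compile(r"ip device tracking max(imum)? \d+$")
IPSG_STATIC = re.compile(r"ip verify source tracking( port-security)?$")

def audit_ipsg_static(config_text):
    """Map each port running IPSG for static hosts to the prerequisites it lacks."""
    global_tracking = False
    ports = {}       # interface name -> set of features seen in its block
    current = None
    for raw in config_text.splitlines():
        line = " ".join(raw.split())          # normalise whitespace
        if not raw.startswith(" "):           # top-level line closes the block
            current = None
            if TRACK_GLOBAL.fullmatch(line):
                global_tracking = True
            elif line.lower().startswith("interface "):
                current = line.split(" ", 1)[1]
                ports[current] = set()
        elif current is not None:
            if TRACK_MAX.fullmatch(line):
                ports[current].add("max")
            elif IPSG_STATIC.fullmatch(line):
                ports[current].add("ipsg")
    findings = {}
    for name, seen in ports.items():
        missing = []
        if not global_tracking:
            missing.append("global 'ip device tracking'")
        if "max" not in seen:
            missing.append("interface 'ip device tracking maximum <n>'")
        if "ipsg" in seen and missing:        # only IPSG ports are at risk
            findings[name] = missing
    return findings
```

Any interface returned by `audit_ipsg_static` is one where, per the Caution, IPSG with static hosts would reject all IP traffic.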
This example shows how to enable IPSG for static hosts with IP filters on a Layer 2 access port and to
verify the three valid IP bindings on the interface Fa4/3:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip device tracking
Switch(config)# interface fastEthernet 4/3
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config-if)# ip device tracking maximum 5
Switch(config-if)# ip verify source tracking
Switch(config-if)# end
Switch# show ip verify source
Interface  Filter-type  Filter-mode  IP-address       Mac-address        Vlan
---------  -----------  -----------  ---------------  -----------------  ----
Fa4/3      ip trk       active       40.1.1.24                           10
Fa4/3      ip trk       active       40.1.1.20                           10
Fa4/3      ip trk       active       40.1.1.21                           10
The following example shows how to enable IPSG for static hosts with IP MAC filters on a Layer 2
access port, to verify the five valid IP-MAC bindings on the interface Fa4/3, and to verify that the number
of bindings on this interface has reached the maximum limit:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip device tracking
Switch(config)# interface fastEthernet 4/3
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 1
Switch(config-if)# ip device tracking maximum 5
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 5
Switch(config-if)# ip verify source tracking port-security
Switch(config-if)# end
Switch# show ip verify source
Interface  Filter-type  Filter-mode  IP-address       Mac-address        Vlan
---------  -----------  -----------  ---------------  -----------------  ----
Fa4/3      ip-mac trk   active       40.1.1.24        00:00:00:00:03:04  1
Fa4/3      ip-mac trk   active       40.1.1.20        00:00:00:00:03:05  1
Fa4/3      ip-mac trk   active       40.1.1.21        00:00:00:00:03:06  1
Fa4/3      ip-mac trk   active       40.1.1.22        00:00:00:00:03:07  1
Fa4/3      ip-mac trk   active       40.1.1.23        00:00:00:00:03:08  1
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
Chapter 53 Configuring DHCP Snooping, IP Source Guard, and IPSG for Static Hosts
53-26
OL_28731-01
