Cisco Catalyst 3750-E Software Configuration Manual page 612
Hide thumbs
Also See for Catalyst 3750-E:
- Getting started manual (27 pages) ,
- Product support bulletin (6 pages) ,
- Configuration handbook (359 pages)
Table of Contents
Advertisement
Configuring IP Source Guard
Beginning in privileged EXEC mode, follow these steps to configure IPSG for static hosts with IP filters
on a Layer 2 access port:
Command
Step 1
configure terminal
Step 2
vlan vlan-id1
Step 3
private-vlan primary
Step 4
exit
Step 5
vlan vlan-id2
Step 6
private-vlan isolated
Step 7
exit
Step 8
vlan vlan-id1
Step 9
private-vlan association 201
Step 10
exit
Step 11
interface fastEthernet interface-id
Step 12
switchport mode private-vlan host
Step 13
switchport private-vlan host-association vlan-id1
vlan-id2
Step 14
ip device tracking maximum number
Step 15
ip verify source tracking [port-security]
Step 16
end
Step 17
show ip device tracking all
Step 18
show ip verify source interface interface-id
This example shows how to enable IPSG for static hosts with IP filters on a private VLAN host port:
Switch(config)# vlan 200
Switch(config-vlan)# private-vlan primary
Switch(config-vlan)# exit
Switch(config)# vlan 201
Switch(config-vlan)# private-vlan isolated
Switch(config-vlan)# exit
Switch(config)# vlan 200
Switch(config-vlan)# private-vlan association 201
Switch(config-vlan)# exit
Switch(config)# interface gigabitethernet1/0/3
Switch(config-if)# switchport mode private-vlan host
Switch(config-if)# switchport private-vlan host-association 200 201
Catalyst 3750-E and 3560-E Switch Software Configuration Guide
22-24
Chapter 22
Configuring DHCP Features and IP Source Guard
Purpose
Enter global configuration mode.
Enter VLAN configuration mode.
Establish a primary VLAN on a private VLAN port.
Exit VLAN configuration mode.
Enter configuration VLAN mode for another VLAN.
Establish an isolated VLAN on a private VLAN port.
Exit VLAN configuration mode.
Enter configuration VLAN mode.
Associate the VLAN on an isolated private VLAN port.
Exit VLAN configuration mode.
Enter interface configuration mode.
(Optional) Establish a port as a private VLAN host.
(Optional) Associate this port with the corresponding
private VLAN.
Establish a maximum for the number of static IPs that
the IP device tracking table allows on the port.
The maximum is 10.
Note
You must globally configure the ip device
tracking maximum number interface command
for IPSG for static hosts to work.
Activate IPSG for static hosts with MAC address
filtering on this port.
Exit configuration interface mode.
Verify the configuration.
Verify the IP source guard configuration. Display IPSG
permit ACLs for static hosts.
OL-9775-08
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
