Edge-Core ECS4620-28P Cli Reference Manual page 362

Chapter 9
| General Security Measures
IPv4 Source Guard
ip source-guard
binding
Table 61: IPv4 Source Guard Commands
Command
show ip source-guard
show ip source-guard
binding
This command adds a static address to the source-guard ACL or MAC address
binding table. Use the no form to remove a static entry.
Syntax
ip source-guard binding [mode {acl | mac}] mac-address
vlan vlan-id ip-address interface ethernet unit/port-list
no ip source-guard binding [mode {acl | mac}] mac-address vlan vlan-id
mode - Specifies the binding mode.
acl - Adds binding to ACL table.
mac - Adds binding to MAC address table.
mac-address - A valid unicast MAC address.
vlan-id - ID of a configured VLAN for an ACL filtering table or a range of
VLANs for a MAC address filtering table. To specify a list separate
nonconsecutive VLAN identifiers with a comma and no spaces; use a
hyphen to designate a range of IDs. (Range: 1-4094)
ip-address - A valid unicast IP address, including classful types A, B or C.
unit - Unit identifier. (Range: 1-8)
port-list - Physical port number or list of port numbers. Separate
nonconsecutive port numbers with a comma and no spaces; or use a
hyphen to designate a range of port numbers. (Range: 1-28/52)
Default Setting
No configured entries
Command Mode
Global Configuration
Command Usage
◆
If the binding mode is not specified in this command, the entry is bound to the
ACL table by default.
◆
Table entries include a MAC address, IP address, lease time, entry type (Static-IP-
SG-Binding, Dynamic-DHCP-Binding), VLAN identifier, and port identifier.
◆
All static entries are configured with an infinite lease time, which is indicated
with a value of zero by the
Function
Shows whether source guard is enabled or disabled on
each interface
Shows the source guard binding table
show ip source-guard
– 362 –
Mode
PE
PE
command.