Table of Contents
Advertisement
IP S
G
OURCE
UARD
ip source-guard
binding
IP Source Guard is a security feature that filters IP traffic on network
interfaces based on manually configured entries in the IP Source Guard
table, or dynamic entries in the DHCP Snooping table when enabled (see
"DHCP Snooping" on page
traffic attacks caused when a host tries to use the IP address of a neighbor
to access the network. This section describes commands used to configure
IP Source Guard.
Table 71: IP Source Guard Commands
Command
ip source-guard binding
ip source-guard
ip source-guard max-
binding
show ip source-guard
show ip source-guard
binding
This command adds a static address to the source-guard binding table. Use
the no form to remove a static entry.
S
YNTAX
ip source-guard binding mac-address vlan vlan-id ip-address
interface
no ip source-guard binding mac-address vlan vlan-id
mac-address - A valid unicast MAC address.
vlan-id - ID of a configured VLAN (Range: 1-4093)
ip-address - A valid unicast IP address, including classful types A, B
or C.
interface - Specifies a port interface.
ethernet unit/port
unit - This is unit 1.
port - Port number. (Range: 1-24)
D
S
EFAULT
ETTING
No configured entries
– 733 –
C
28
HAPTER
724). IP source guard can be used to prevent
Function
Adds a static address to the source-guard binding
table
Configures the switch to filter inbound traffic based
on source IP address, or source IP address and
corresponding MAC address
Sets the maximum number of entries that can be
bound to an interface
Shows whether source guard is enabled or
disabled on each interface
Shows the source guard binding table
| General Security Measures
IP Source Guard
Mode
GC
IC
IC
PE
PE
- Quick Links:
- Port Configuration
- Connecting to the Switch
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
