IP Source Guard

By daxm

IP Source Guard requires DHCP snooping (and applied to a VLAN).

Source Guard checks inbound IP traffic on an interface against the DHCP snooping database and compares the IP (and possibly MAC) against the database to ensure that the source IP (and possibly MAC) against the associated database entry.

To match only on source IP:

!
int f0/0
ip verify source
!
To match on source IP and MAC:

!
int f0/0
ip verify source port-security
switchport port-security
!

To manually bind a source-guard entry:

!
(router-config)# ip source bind <mac> vlan <num> <ip> int <interface>
!

 



About...

This author published 11 posts in this site.

Share

FacebookTwitterEmailWindows LiveTechnoratiDeliciousDiggStumbleponMyspaceLikedin

Leave a comment