Displaying learned ip addresses – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 352


device(config-vlan-2)#tag e1

Added tagged port(s) ethe 1 to port-vlan 2

device(config-vlan-2)#router-int ve 2

device(config-vlan-2)#int ve 2

device(config-vif-2)#source-guard enable e 1

Syntax: [no] source-guard enable

Enabling IP Source Guard to support a Multi-VRF instance

You can use IP Source Guard (IPSG) together with Dynamic ARP Inspection on untrusted ports. The
Brocade implementation of the IP Source Guard feature supports configuration on a port, on specific
VLAN memberships on a port (Layer 2 devices only), and on specific ports on a virtual interface (VE)
(Layer 3 devices only). To configure IP Source Guard to support a VRF instance, do the following:

• IPSG requires that the acl-per-port-per-vlan setting be enabled. To enable the setting:

Brocade(config)# enable acl-per-port-per-vlan

Reload required. Please write memory and then reload or power cycle.

Syntax: enable acl-per-port-per-vlan

• Configure IPSG:

On a port using source-guard enable. For example:

Brocade(config)# interface ethernet 1/1

Brocade(config-if-e1000-1/1)# source-guard enable

Syntax: source-guard enable

For Layer 2 devices, per port per VLAN using source-guard enable. For example:

Brocade(config-if-e1000-1/1)# per-vlan 2

Brocade(config-if-e1000-1/1-vlan-2)# source-guard enable

For Layer 3 devices, per ve using source-guard enable. IPSG cannot be configured on
tagged ports or untagged ports which have a VE. For example:

Brocade(config)# interface ve 30

Brocade(config-vif-30)# source-guard enable ethernet 1/1

Manually enter valid IP addresses in the binding database. For example:

Brocade(config)# ip source binding 1.1.1.2 ethernet 1/1 vlan 2

If the VLAN is not provided, the binding is applied on the port.

Displaying learned IP addresses

To display the learned IP addresses for IP Source Guard ports, use the show ip source-guard ethernet CLI command.

device(config)#show ip source-guard ethernet 1/1/37

Total number of IP Source Guard entries: 5

No Interface Type Flter-mode IP-address Vlan
-- --------- ---- ---------- ---------- ----
1  1/1/37    ip   active     10.1.1.3   500
2  1/1/37    ip   active     10.1.1.4   500
3  1/1/37    ip   active     10.1.1.5   500
4  1/1/37    ip   active     10.1.1.6   500
5  1/1/37    ip   active     10.1.1.7   500

Syntax: show ip source-guard ethernet stack-unit/slotnum/portnum
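
The following Python script is an added example, not part of the Brocade guide. It audits a saved capture of the show ip source-guard ethernet output against a baseline of approved bindings and reports entries that are unexpected or missing, and a capture whose row count disagrees with its header. The sample capture, the EXPECTED baseline and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed capture in the format shown above; 10.1.1.9 is not in the baseline.
SAMPLE = """\
device(config)#show ip source-guard ethernet 1/1/37
Total number of IP Source Guard entries: 3
No Interface Type Flter-mode IP-address Vlan
-- --------- ---- ---------- ---------- ----
1 1/1/37 ip active 10.1.1.3 500
2 1/1/37 ip active 10.1.1.4 500
3 1/1/37 ip active 10.1.1.9 500
"""
# Hypothetical baseline of approved (port, ip, vlan) bindings.
EXPECTED = {("1/1/37", "10.1.1.3", 500), ("1/1/37", "10.1.1.4", 500),
            ("1/1/37", "10.1.1.5", 500)}

TOTAL = re.compile(r"Total number of IP Source Guard entries:\s*(\d+)")
# Row columns: No, Interface, Type, Flter-mode, IP-address, Vlan.
ROW = re.compile(r"^\s*\d+\s+(\S+)\s+\S+\s+\S+\s+(\S+)\s+(\d+)\s*$")

def parse_source_guard(text):
    """Return (declared_total, set of (port, ip, vlan)) from the output."""
    declared, bindings = None, set()
    for line in text.splitlines():
        if (m := TOTAL.search(line)):
            declared = int(m.group(1))
        elif (m := ROW.match(line)):
            try:
                ip = str(ipaddress.ip_address(m.group(2)))
            except ValueError:
                continue  # not an address: skip the row, the count check flags it
            bindings.add((m.group(1), ip, int(m.group(3))))
    return declared, bindings

def audit(text, expected):
    """Compare a capture with the baseline and return a list of findings."""
    declared, seen = parse_source_guard(text)
    findings = []
    if declared != len(seen):
        findings.append(f"count mismatch: header={declared} parsed={len(seen)}")
    findings += [f"unexpected binding {b}" for b in sorted(seen - expected)]
    findings += [f"missing binding {b}" for b in sorted(expected - seen)]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, EXPECTED):
        print(finding)
```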


FastIron Ethernet Switch Security Configuration Guide

53-1003088-03
