Ip source guard commands, Commands in this chapter, Ip verify source – Dell POWEREDGE M1000E User Manual
Page 507: Ip source guard, Commands
IP Source Guard Commands
507
24
IP Source Guard Commands
NOTE: IP Source Guard commands are supported by PCM8024.
IP Source Guard (IPSG) is a security feature that filters IP packets based on
source ID. The source ID may either be source IP address or a {source IP
address, source MAC address} pair. The network administrator configures
whether enforcement includes the source MAC address. The network
administrator can configure static authorized source IDs. The DHCP
Snooping binding database and static IPSG entries identify authorized source
IDs. IPSG may be enabled on physical and LAG ports. IPSG is disabled by
default.
If the network administrator enables IPSG on a port where DHCP snooping is
disabled or where DHCP snooping is enabled but the port is trusted, all IP
traffic received on that port is dropped depending upon the admin-
configured IPSG entries. IPSG cannot be enabled on a port-based routing
interface.
IPSG uses two enforcement mechanisms: the L2FDB to enforce the source
MAC address and ingress VLAN and an ingress classifier to enforce the source
IP address or {source IP, source MAC} pair.
Commands in this Chapter
This chapter explains the following commands:
ip verify source
Use the ip verify source command in Interface Configuration mode to enable
filtering of IP packets matching the source IP address.
ip verify source port-security
show ip verify source interface
2CSPC4.XModular-SWUM200.book Page 507 Thursday, March 10, 2011 11:18 AM