Configuring ip source guard – Dell POWEREDGE M1000E User Manual

822

Snooping and Inspecting Traffic

Configuring IP Source Guard

Beginning in Privileged EXEC mode, use the following commands to

configure IPSG settings on the switch.

Command

Purpose

configure

Enter global configuration mode.

interface

interface

Enter interface configuration mode for the specified port

or LAG. The

interface variable includes the interface type

and number, for example gigabitethernet 1/0/3. For a

LAG, the interface type is port-channel.
You can also specify a range of ports with the interface

range command, for example, interface range

gigabitethernet 1/0/8-12 configures interfaces 8, 9, 10, 11,

and 12.

ip verify source [port-

security]

Enable IPSG on the port or LAG to prevent packet

forwarding if the source IP address in the packet is not in

the DHCP snooping binding database. Use the option

port-security keyword to also prevent packet forwarding if

the sender MAC address is not in forwarding database

table or the DHCP snooping binding database. \

NOTE:

To enforce filtering based on the source MAC

address, port security must also be enabled on the interface

by using the port security command in Interface

Configuration mode.

exit

Exit to Global Config mode.

ip verify binding

mac_addr vlan vlan_id

ipaddr interface interface

Configure a static binding for IPSG.

exit

Exit to Privileged EXEC mode.

show ip verify interface

interface

View IPSG parameters for a specific port or LAG. The

interface parameter includes the interface type

(gigabitethernet, tengigabitethernet, or port-channel)

and number.

show ip verify source

[interface

interface]

View IPSG bindings configured on the switch or on a

specific port or LAG.

show ip source binding

View IPSG bindings.