Ip source guard, Ip source-guard binding, Table 79: ip source guard commands – Microsens MS453490M Management Guide User Manual

C

HAPTER

25

| General Security Measures

IP Source Guard

– 669 –

IP S

OURCE

G

UARD

IP Source Guard is a security feature that filters IP traffic on network

interfaces based on manually configured entries in the IP Source Guard

table, or dynamic entries in the DHCP Snooping table when enabled (see

"DHCP Snooping" on page 660

). IP source guard can be used to prevent

traffic attacks caused when a host tries to use the IP address of a neighbor

to access the network. This section describes commands used to configure

IP Source Guard.

ip source-guard

binding

This command adds a static address to the source-guard binding table. Use

the no form to remove a static entry.

S

YNTAX

ip source-guard binding mac-address vlan vlan-id ip-address

interface ethernet unit/port

no ip source-guard binding mac-address vlan vlan-id

mac-address - A valid unicast MAC address.
vlan-id - ID of a configured VLAN (Range: 1-4093)
ip-address - A valid unicast IP address, including classful types A, B

or C.
unit - Unit identifier. (Range: 1)
port - Port number. (Range: 1-10)

D

EFAULT

S

ETTING

No configured entries

C

OMMAND

M

ODE

Global Configuration

C

OMMAND

U

SAGE

◆

Table entries include a MAC address, IP address, lease time, entry type

(Static-IP-SG-Binding, Dynamic-DHCP-Binding), VLAN identifier, and

port identifier.

Table 79: IP Source Guard Commands

Command

Function

Mode

ip source-guard binding

Adds a static address to the source-guard binding

table

GC

ip source-guard

Configures the switch to filter inbound traffic based

on source IP address, or source IP address and

corresponding MAC address

IC

show ip source-guard

Shows whether source guard is enabled or disabled

on each interface

PE

show ip source-guard

binding

Shows the source guard binding table

PE