Ip source guard commands, Ip source-guard, Table 22-3 – Edge Products ES3528-WDM User Manual
Page 373
IP Source Guard Commands
22-3
22
Example
The following example enables port security for port 5, and sets the response to a
security violation to issue a trap message:
Related Commands
shutdown (24-6)
mac-address-table static (28-1)
IP Source Guard Commands
IP Source Guard is a security feature that filters IP traffic on network interfaces
based on manually configured entries in the IP Source Guard table, or static and
dynamic entries in the DHCP Snooping table when enabled (see “DHCP Snooping
Commands” on page 22-7). IP source guard can be used to prevent traffic attacks
caused when a host tries to use the IP address of a neighbor to access the network.
This section describes commands used to configure IP Source Guard.
ip source-guard
This command configures the switch to filter inbound traffic based source IP
address, or source IP address and corresponding MAC address. Use the no form to
disable this function.
Syntax
ip source-guard {sip | sip-mac}
no ip source-guard
• sip - Filters traffic based on IP addresses stored in the binding table.
• sip-mac - Filters traffic based on IP addresses and corresponding MAC
addresses stored in the binding table.
Default Setting
Disabled
Console(config)#interface ethernet 1/5
Console(config-if)#port security action trap
Table 22-3 IP Source Guard Commands
Command
Function
Mode
Page
ip source-guard
Configures the switch to filter inbound traffic based on source IP
address, or source IP address and corresponding MAC address
IC
ip source-guard
binding
Adds a static address to the source-guard binding table
GC
show ip
source-guard
Shows whether source guard is enabled or disabled on each
interface
PE
show ip
source-guard
binding
Shows the source guard binding table
PE