Ip source-guard binding, Source-guard binding – Edge Products ES3528-WDM User Manual

IP Source Guard Commands

22-5

22

Example
This example enables IP source guard on port 5.

Related Commands

ip source-guard binding (22-5)
ip dhcp snooping (22-7)
ip dhcp snooping vlan (22-9)

ip source-guard binding

This command adds a static address to the source-guard binding table. Use the no
form to remove a static entry.

Syntax

ip source-guard binding mac-address vlan vlan-id ip-address

interface ethernet unit/port

no ip source-guard binding mac-address vlan vlan-id

• mac-address - A valid unicast MAC address.
• vlan-id - ID of a configured VLAN (Range: 1-4093)
• ip-address - A valid unicast IP address, including classful types A, B or C.
• unit - Stack unit. (Range: 1)
• port - Port number. (Range: 1-28)

Default Setting

No configured entries

Command Mode

Global Configuration

Command Usage

• Table entries include a MAC address, IP address, lease time, entry type

(Static-IP-SG-Binding, Dynamic-DHCP-Binding, Static-DHCP-Binding),
VLAN identifier, and port identifier.

• All static entries are configured with an infinite lease time, which is indicated

with a value of zero by the show ip source-guard command (page 22-6).

• When source guard is enabled, traffic is filtered based upon dynamic entries

learned via DHCP snooping, static entries configured in the DHCP snooping
table, or static addresses configured in the source guard binding table with
this command.

• Static bindings are processed as follows:

- If there is no entry with same VLAN ID and MAC address, a new entry is

added to binding table using the type of static IP source guard binding.

Console(config)#interface ethernet 1/5
Console(config-if)#ip source-guard sip
Console(config-if)#