Ip source-guard binding – LevelOne GTL-2691 User Manual
Page 956
C
HAPTER
29
| General Security Measures
IP Source Guard
– 956 –
ip source-guard
binding
This command adds a static address to the source-guard binding table. Use
the no form to remove a static entry.
S
YNTAX
ip source-guard binding mac-address vlan vlan-id ip-address
interface
no ip source-guard binding mac-address vlan vlan-id
mac-address - A valid unicast MAC address.
vlan-id - ID of a configured VLAN (Range: 1-4093)
ip-address - A valid unicast IP address, including classful types A, B
or C.
interface - Specifies a port interface.
ethernet unit/port
unit - Stack unit. (Range: 1-8)
port - Port number. (Range: 1-26)
D
EFAULT
S
ETTING
No configured entries
C
OMMAND
M
ODE
Global Configuration
C
OMMAND
U
SAGE
◆
Table entries include a MAC address, IP address, lease time, entry type
(Static-IP-SG-Binding, Dynamic-DHCP-Binding), VLAN identifier, and
port identifier.
◆
All static entries are configured with an infinite lease time, which is
indicated with a value of zero by the
command
(
◆
When source guard is enabled, traffic is filtered based upon dynamic
entries learned via DHCP snooping, or static addresses configured in
the source guard binding table with this command.
◆
Static bindings are processed as follows:
■
If there is no entry with same VLAN ID and MAC address, a new
entry is added to binding table using the type of static IP source
guard binding.
■
If there is an entry with same VLAN ID and MAC address, and the
type of entry is static IP source guard binding, then the new entry
will replace the old one.
■
If there is an entry with same VLAN ID and MAC address, and the
type of the entry is dynamic DHCP snooping binding, then the new
entry will replace the old one and the entry type will be changed to
static IP source guard binding.