Enabling ip source guard per-port-per-vlan, Enabling ip source guard on a ve, Displaying learned ip addresses – Brocade Communications Systems Brocade ICX 6650 6650 User Manual


Brocade ICX 6650 Security Configuration Guide


53-1002601-01

IP source guard

The [vlan vlannum] parameter is optional. If you enter a VLAN number, the binding applies to that
VLAN only. If you do not enter a VLAN number, the static binding applies to all VLANs associated
with the port. Note that since static IP source bindings consume system resources, you should
avoid unnecessary bindings.

Enabling IP source guard per-port-per-VLAN

To enable IP Source Guard per-port-per-VLAN, enter commands such as the following.

Brocade(config)# vlan 12 name vlan12
Brocade(config-vlan-12)# untag ethernet 1/1/5 to 1/1/8
Brocade(config-vlan-12)# tag ethernet 1/1/23 to 1/1/24
Brocade(config-vlan-12)# exit
Brocade(config)# interface ethernet 1/1/23
Brocade(config-if-e10000-1/1/23)# per-vlan vlan12
Brocade(config-if-e10000-1/1/23-vlan-12)# source-guard enable

The commands in this example configure port-based VLAN 12, and add ports e 1/1/5 – 1/1/8 as
untagged ports and ports e 1/1/23 – 1/1/24 as tagged ports to the VLAN. The last two commands
enable IP Source Guard on port e 1/1/23, a member of VLAN 12.

Syntax: [no] source-guard enable

Enabling IP source guard on a VE

To enable IP Source Guard on a virtual interface, enter commands such as the following.

Brocade(config)# vlan 2
Brocade(config-vlan-2)# tag e1/1/1
Added tagged port(s) ethe 1/1/1 to port-vlan 2
Brocade(config-vlan-2)# router-int ve 2
Brocade(config-vlan-2)# int ve 2
Brocade(config-vif-2)# source-guard enable ethernet 1/1/1

Syntax: [no] source-guard enable
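
The following Python script is an added example, not part of the Brocade guide. It replays the two command sequences above (embedded as constructed input) and reports, per VLAN, which member ports never had IP Source Guard enabled, so the result can be compared with what was intended. It handles only the command forms shown on this page and assumes the per-vlan argument is a VLAN name defined earlier in the session; ports, audit and gaps are hypothetical helper names.

```python
import re
SESSION = """\
Brocade(config)# vlan 12 name vlan12
Brocade(config-vlan-12)# untag ethernet 1/1/5 to 1/1/8
Brocade(config-vlan-12)# tag ethernet 1/1/23 to 1/1/24
Brocade(config)# interface ethernet 1/1/23
Brocade(config-if-e10000-1/1/23)# per-vlan vlan12
Brocade(config-if-e10000-1/1/23-vlan-12)# source-guard enable
Brocade(config)# vlan 2
Brocade(config-vlan-2)# tag e1/1/1
Brocade(config-vlan-2)# router-int ve 2
Brocade(config-vlan-2)# int ve 2
Brocade(config-vif-2)# source-guard enable ethernet 1/1/1
"""  # constructed input: the two CLI sessions from this page, commands only

def ports(spec):  # expand "1/1/5 to 1/1/8" or "1/1/1" into port ids
    first, _, last = spec.partition(" to ")
    stem, _, lo = first.strip().rpartition("/")
    hi = last.strip().rpartition("/")[2] if last else lo
    return [f"{stem}/{n}" for n in range(int(lo), int(hi) + 1)]

def audit(session):
    """Return {vlan: {port: guarded}} for the command forms shown on this page."""
    members, names, ve_vlan = {}, {}, {}
    vlan = port = scope = None  # scope: VLAN a following source-guard applies to
    for line in session.splitlines():
        cmd = line.partition("# ")[2].strip()  # text after the prompt; "" for output
        if m := re.match(r"vlan (\d+)(?: name (\S+))?$", cmd):
            vlan = int(m[1])
            members.setdefault(vlan, {})
            names[m[2] or m[1]] = vlan
        elif m := re.match(r"(?:un)?tag e(?:thernet)? ?(.+)", cmd):
            members[vlan].update(dict.fromkeys(ports(m[1]), False))
        elif m := re.match(r"router-int ve (\d+)", cmd):
            ve_vlan[m[1]] = vlan
        elif m := re.match(r"int(?:erface)? ethernet (\S+)", cmd):
            port, scope = m[1], None
        elif m := re.match(r"per-vlan (\S+)", cmd):
            scope = names.get(m[1])  # assumption: argument names a VLAN defined earlier
        elif m := re.match(r"int(?:erface)? ve (\d+)", cmd):
            port, scope = None, ve_vlan.get(m[1])
        elif m := re.match(r"source-guard enable(?: ethernet (\S+))?$", cmd):
            target = m[1] or port
            if target in members.get(scope, {}):
                members[scope][target] = True
    return members

def gaps(session):  # member ports per VLAN with no source-guard enable in the session
    return {v: [p for p, ok in ps.items() if not ok] for v, ps in audit(session).items()}
```

For the sessions above, gaps(SESSION) lists ports 1/1/5 through 1/1/8 and 1/1/24 under VLAN 12 and nothing under VLAN 2.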

Displaying learned IP addresses

To display the learned IP addresses for IP Source Guard ports, use the show ip
source-guard ethernet CLI command.
