Ip source guard, Ip source-guard binding, Table 55 – Brocade Communications Systems Brocate Ethernet Access Switch 6910 User Manual
Page 275
Brocade 6910 Ethernet Access Switch Configuration Guide
225
53-1002581-01
IP Source Guard
10
Example
Console#show ip dhcp snooping binding
MAC Address IP Address Lease(sec) Type VLAN Interface
----------------- --------------- ---------- -------------------- ---- ---------
11-22-33-44-55-66 192.168.0.99 0 Dynamic-DHCPSNP 1 Eth 1/5
Console#
IP Source Guard
IP Source Guard is a security feature that filters IP traffic on network interfaces based on manually
configured entries in the IP Source Guard table, or dynamic entries in the DHCP Snooping table
when enabled (see
on page 216). IP source guard can be used to prevent traffic
attacks caused when a host tries to use the IP address of a neighbor to access the network. This
section describes commands used to configure IP Source Guard.
ip source-guard binding
This command adds a static address to the source-guard binding table. Use the no form to remove
a static entry.
Syntax
ip source-guard binding mac-address vlan vlan-id ip-address interface ethernet unit/port
no ip source-guard binding mac-address vlan vlan-id
mac-address - A valid unicast MAC address.
vlan-id - ID of a configured VLAN (Range: 1-4093)
ip-address - A valid unicast IP address, including classful types A, B or C.
unit - Unit identifier. (Range: 1)
port - Port number. (Range: 1-12)
Default Setting
No configured entries
Command Mode
Global Configuration
TABLE 55
IP Source Guard Commands
Command
Function
Mode
Adds a static address to the source-guard binding table
GC
Configures the switch to filter inbound traffic based on source IP
address, or source IP address and corresponding MAC address
IC
Sets the maximum number of entries that can be bound to an
interface
IC
Shows whether source guard is enabled or disabled on each
interface
PE
Shows the source guard binding table
PE