Ip source-guard – Brocade Communications Systems Brocate Ethernet Access Switch 6910 User Manual

Page 276

Advertising
background image

226

Brocade 6910 Ethernet Access Switch Configuration Guide

53-1002581-01

IP Source Guard

10

Command Usage

Table entries include a MAC address, IP address, lease time, entry type (Static-IP-SG-Binding,
Dynamic-DHCP-Binding), VLAN identifier, and port identifier.

All static entries are configured with an infinite lease time, which is indicated with a value of
zero by the

show ip source-guard

command (

page 228

).

When source guard is enabled, traffic is filtered based upon dynamic entries learned via DHCP
snooping, or static addresses configured in the source guard binding table with this command.

Static bindings are processed as follows:

If there is no entry with same VLAN ID and MAC address, a new entry is added to binding
table using the type of static IP source guard binding.

If there is an entry with same VLAN ID and MAC address, and the type of entry is static IP
source guard binding, then the new entry will replace the old one.

If there is an entry with same VLAN ID and MAC address, and the type of the entry is
dynamic DHCP snooping binding, then the new entry will replace the old one and the entry
type will be changed to static IP source guard binding.

Example

This example configures a static source-guard binding on port 5.

Console(config)#ip source-guard binding 11-22-33-44-55-66 vlan 1 192.168.0.99

interface ethernet 1/5

Console(config-if)#

Related Commands

ip source-guard (226)
ip dhcp snooping (216)
ip dhcp snooping vlan (220)

ip source-guard

This command configures the switch to filter inbound traffic based source IP address, or source IP
address and corresponding MAC address. Use the no form to disable this function.

Syntax

ip source-guard {sip | sip-mac}

no ip source-guard

sip - Filters traffic based on IP addresses stored in the binding table.

sip-mac - Filters traffic based on IP addresses and corresponding MAC addresses stored in
the binding table.

Default Setting

Disabled

Command Mode

Interface Configuration (Ethernet)

Advertising