Cisco Systems 3560-X Switch User Manual


  Open as PDF
of 1438
 
24-22
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-21521-01
Chapter 24 Configuring DHCP Features and IP Source Guard
Configuring IP Source Guard
This example shows how to enable IPSG with static hosts on a port.
Switch(config)# ip device tracking
Switch(config)# ip device trackin
g max 10
Switch(config-if)# ip verify sour
ce tracking port-security
This example shows how to enable IPSG for static hosts with IP filters on a Layer 2 access port and to
verify the valid IP bindings on the interface Gi1/0/3:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip device trackin
g
Switch(config)# interface gigabit
ethernet1/0/3
Switch(config-if)# switchport mod
e access
Switch(config-if)# switchport acc
ess vlan 10
Switch(config-if)# ip device trac
king maximum 5
Switch(config-if)# ip verify sour
ce tracking
Switch(config-if)# end
Switch# s
how ip verify source
Interface Filter-type Filter-mode IP-address Mac-address Vlan
--------- ----------- ----------- --------------- ----------------- ----
Gi1/0/3 ip trk active 40.1.1.24 10
Gi1/0/3 ip trk active 40.1.1.20 10
Gi1/0/3 ip trk active 40.1.1.21 10
This example shows how to enable IPSG for static hosts with IP-MAC filters on a Layer 2 access port,
to verify the valid IP-MAC bindings on the interface Gi1/0/3, and to verify that the number of bindings
on this interface has reached the maximum:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip device trackin
g
Switch(config)# interface gigabit
ethernet1/0/3
Switch(config-if)# switchport mod
e access
Switch(config-if)# switchport acc
ess vlan 1
Switch(config-if)# ip device trac
king maximum 5
Switch(config-if)# switchport por
t-security
Switch(config-if)# switchport por
t-security maximum 5
Switch(config-if)# ip verify sour
ce tracking port-security
Switch(config-if)# end
Switch# s
how ip verify source
Interface Filter-type Filter-mode IP-address Mac-address Vlan
--------- ----------- ----------- --------------- ----------------- ----
Gi1/0/3 ip-mac trk active 40.1.1.24 00:00:00:00:03:04 1
Gi1/0/3 ip-mac trk active 40.1.1.20 00:00:00:00:03:05 1
Gi1/0/3 ip-mac trk active 40.1.1.21 00:00:00:00:03:06 1
Gi1/0/3 ip-mac trk active 40.1.1.22 00:00:00:00:03:07 1
Gi1/0/3 ip-mac trk active 40.1.1.23 00:00:00:00:03:08 1
This example displays all IP or MAC binding entries for all interfaces. The CLI displays all active as
well as inactive entries. When a host is learned on a interface, the new entry is marked as active. When
the same host is disconnected from that interface and connected to a different interface, a new IP or MAC
binding entry displays as active as soon as the host is detected. The old entry for this host on the previous
interface is marked as INACTIVE.
Switch# show ip device tracking all
IP Device Tracking = Enabled
IP Device Tracking Probe Count = 3
IP Device Tracking Probe Interval = 30
---------------------------------------------------------------------
 previous next