Cisco Systems WSC4500X24XIPB Switch User Manual

Open as PDF

of 680

31-12

Software Configuration Guide—Release 12.2(25)SG

OL-7659-03

Chapter31 Configuring DHCP Snooping and IP Source Guard

Configuring IP Source Guard on the Switch

Note When IP source guard is enabled in IP and MAC filtering mode, the DHCP snooping option 82 must be

enabled to ensure that the DHCP protocol works properly. Without option 82 data, the switch cannot

locate the client host port to forward the DHCP server reply. Instead, the DHCP server reply is dropped,

and the client cannot obtain an IP address.

Configuring IP Source Guard on the Switch

To enable IP Source Guard, perform this task:

Note The static IP source binding can only be configured on switch port. If you issue the

ip source binding vlan interface command on a Layer 3 port, you will receive this error message:

Static IP source binding can only be configured on switch port.

This example shows how to enable per-Layer 2-port IP source guard on VLANs 10 through 20:

Switch# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)# ip dhcp snooping

Switch(config)# ip dhcp snooping vlan 10 20

Switch(config)# interface fa6/1

Switch(config-if)# switchport trunk encapsulation dot1q

Switch(config-if)# switchport mode trunk

Command Purpose

Step 1

Switch(config)# ip dhcp snooping

Enables DHCP snooping globally.

You can use the no keyword to disable DHCP snooping.

Step 2

Switch(config)# ip dhcp snooping vlan

number

[

number

]

Enables DHCP snooping on your VLANs.

Step 3

Switch(config-if)# no ip dhcp snooping trust

Configures the interface as trusted or untrusted.

You can use the no keyword of to configure an interface

to receive only messages from within the network.

Step 4

Switch(config-if)# ip verify source vlan

dhcp-snooping port-security

Enables IP source guard, source IP, and source MAC

address filtering on the port.

Step 5

Switch(config-if)# switchport port-security limit

rate invalid-source-mac N

Enables security rate limiting for learned source MAC

addresses on the port.

Note This limit only applies to the port where IP

Source Guard is enabled as filtering both IP and

MAC addresses.

Step 6

Switch(config)# ip source binding

mac-address

Vlan

vlan-id ip-address

interface

interface-name

Configures a static IP binding on the port.

Step 7

Switch(config)# end

Exits configuration mode.

Step 8

Switch# show ip verify source interface

interface-name

Verifies the configuration.

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Cisco Systems WSC4500X24XIPB Switch User Manual