Filter
Top Products
Filters and QoS Configuration for ERS 5500
Technical Configuration Guide v2.0 NN48500-559
___________________________________________________________________________________________________________________________
Nortel Confidential Information Copyright © 2008 Nortel Networks. All Rights Reserved.
External Distribution
31
• 5500(config)#ip arp-inspection vlan 100
•
5500(config)#ip arp-inspection vlan 200
•
5500(config)#interface fastEthernet 1/24
•
5500(config-if)#ip arp-inspection trusted
•
5500(config-if)#exit
8.3 IP Source Guard
IP source guard works together with the DHCP snooping binding table by providing security
against invalid source IP addresses. If enabled, the source IP address is checked against the
source IP address in the binding table on untrusted ports. If the incoming source IP address does
not match the IP address in the binding table, the packet is dropped. Please note that manual
(static) assignment of IP addresses is not allowed as DHCP snooping does not support static
binding entries
8.3.1 IP Source Guard Configuration
Assuming DHCP snooping is already configured with untrusted port members 2-20, enter the
following commands:
•
5500(config)#interface fastEthernet 2-20
•
5500(config-if)#ip verify source
•
5500(config-if)#exit