19-18
Catalyst 2928 Switch Software Configuration Guide
OL-23389-01
Chapter 19 Configuring DHCP Features and IP Source Guard Features
Configuring IP Source Guard
Configuring IP Source Guard for Static Hosts on a Layer 2 Access Port
Note
You must configure the
ip device tracking
maximum
limit-number
interface configuration command
globally for IPSG for static hosts to work. If you only configure this command on a port without enabling
IP device tracking globally or by setting an IP device tracking maximum on that interface, IPSG with
static hosts rejects all the IP traffic from that interface.
Beginning in privileged EXEC mode:
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
ip device tracking
Turn on the IP host table, and globally enable IP device
tracking.
Step 3
interface
interface-id
Enter interface configuration mode.
Step 4
switchport mode access
Configure a port as access.
Step 5
switchport access vlan
vlan-id
Configure the VLAN for this port.
Step 6
ip verify source tracking port-security
Enable IPSG for static hosts with MAC address filtering.
Note
When you enable both IP source guard and port
security by using the
ip verify source
port-security
interface configuration command:
•
The DHCP server must support option 82, or
the client is not assigned an IP address.
•
The MAC address in the DHCP packet is not
learned as a secure address. The MAC address
of the DHCP client is learned as a secure
address only when the switch receives
non-DHCP data traffic.
Step 7
ip device tracking maximum
number
Establish a maximum limit for the number of static IPs
that the IP device tracking table allows on the port. The
range is 1to 10. The maximum number is 10.
Note
You must configure the
ip device tracking
maximum
limit-number
interface configuration
command.
Step 8
switchport port-security
(Optional) Activate port security for this port.
Step 9
switchport port-security maximum
value
(Optional) Establish a maximum of MAC addresses for
this port.
Step 10
end
Return to privileged EXEC mode.