23-15
Cisco IE 3000 Switch Software Configuration Guide
OL-13018-03
Chapter 23 Configuring DHCP Features and IP Source Guard
Displaying IP Source Guard Information
To disable IP source guard with source IP address filtering, use the
no ip verify source
interface
configuration command.
To delete a static IP source binding entry, use the
no ip source
global configuration command.
This example shows how to enable IP source guard with source IP and MAC filtering on VLANs 10
and 11:
Switch#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#
interface gigabitethernet0/1
Switch(config-if)#
ip verify source port-security
Switch(config-if)#
exit
Switch(config)#
ip source binding 0100.0022.0010 vlan 10 10.0.0.2 interface
gigabitethernet0/1
Switch(config)#
ip source binding 0100.0230.0002 vlan 11 10.0.0.4 interface
gigabitethernet0/1
Switch(config)#
end
Displaying IP Source Guard Information
To display the IP source guard information, use one or more of the privileged EXEC commands in
Table 23-3
:
Understanding DHCP Server Port-Based Address Allocation
DHCP server port-based address allocation is a feature that enables DHCP to maintain the same IP
address on an Ethernet switch port regardless of the attached device client identifier or client hardware
address.
When Ethernet switches are deployed in the network, they offer connectivity to the directly connected
devices. In some environments, such as on a factory floor, if a device fails, the replacement device must
be working immediately in the existing network. With the current DHCP implementation, there is no
guarantee that DHCP would offer the same IP address to the replacement device. Control, monitoring,
and other software expect a stable IP address associated with each device. If a device is replaced, the
address assignment should remain stable even though the DHCP client has changed.
Step 6
end
Return to privileged EXEC mode.
Step 7
show ip verify source
[
interface
interface-id
]
Display the IP source guard configuration for all interfaces or for a
specific interface.
Step 8
show ip source binding
[
ip-address
]
[
mac-address
] [
dhcp-snooping
|
static
]
[
inteface
interface-id
] [
vlan
vlan-id
]
Display the IP source bindings on the switch, on a specific VLAN, or on
a specific interface.
Step 9
copy running-config startup-config
(Optional) Save your entries in the configuration file.
Command
Purpose
Table 23-3
Commands for Displaying IP Source Guard Information
Command
Purpose
show ip source binding
Display the IP source bindings on a switch.
show ip verify source
Display the IP source guard configuration on the switch.