DGS-6604
ip verify source vlan dhcp-snooping
CLI Reference Guide
241
ip verify source vlan dhcp-snooping
Use this command to enable IP source guard for a port. Use the no form of the
command to disable IP source guard.
ip verify source vlan dhcp-snooping port-security
no ip verify source vlan dhcp-snooping port-security
Default
Disabled
Command Mode
Interface configuration mode
Usage Guideline
The command is available for physical port configuration.
Use the command the enable the IP source guard on the configured port.
When a port is enabled for IP source guard, the IP packet arrives at the port will
be validated via port ACL. Port ACL is a hardware mechanism and its entry can
come from either the manual configured entry or the DHCP snooping binding
database. The packet fails to pass the validation will be dropped.
The validation is based on both the source MAC address and IP address. The IP
to MAC address binding pair must match the entries in port ACL to pass the
validation.
Example
This example shows how to enable IP Source Guard for port 3.1:
Syntax Description
port-security
Specify to check both IP address and MAC address of the recieved IP packets.
Switch# configure terminal
Switch(config)# interface eth3.1
Switch(config-if)# ip verify source vlan dhcp-snooping port-security
Switch(config-if)#
Summary of Contents for DGS-6600 Series
Page 1: ...0 9 3 ...