6.10
IP source guard
IP source guard commands include:
ip source-guard
ip source-guard trust<0/1/2/3>
ip dhcp-snooping binding
Function Brief
The IP source guard function can be used to filter packets forwarded
by a port, thus preventing invalid packets from passing through the port,
restricting unauthorized use of network resources (for example,
unauthorized hosts may access the network by forging IP addresses of
authorized users), and improving the port security.
If IP source guard is enabled on a port of the switch, when packets
reach this port, the switch checks the IP source guard entries. If the packet
matches an entry, the switch forwards the packet or the packet enters the
subsequent flow. If the packet does not match any entry, the switch drops
the packet. The binding function is port-based. After a port is bound, only this
port is affected by the binding relationship, and other ports are not affected.
6.10.1
ip source-guard
Command Description
ip source-guard
//This command is used to enable the IP source guard function.
no ip source-guard
//This command is used to disable the IP source guard function.
Parameter
None
Default
Disable
Command Mode
Global configuration mode
Example
switch(config)#Ip source-guard