Chapter 24: General Security Measures
IPv4 Source Guard
– 863 –
Server Packet: Advertise, Reply, Reconfigure
Relay Packet: Relay-forward, Relay-reply
State Client Server Relay Total
-------- -------- -------- -------- --------
Received 10 9 0 19
Sent 9 9 0 18
Droped 1 0 0 1
Console#
IP
V
4 S
OURCE
G
UARD
IP Source Guard is a security feature that filters IPv4 traffic on network
interfaces based on manually configured entries in the IPv4 Source Guard
table, or dynamic entries in the DHCPv4 Snooping table when enabled (see
). IPv4 source guard can be used to
prevent traffic attacks caused when a host tries to use the IPv4 address of
a neighbor to access the network. This section describes commands used
to configure IPv4 Source Guard.
ip source-guard
binding
This command adds a static address to the source-guard ACL or MAC
address binding table. Use the
no
form to remove a static entry.
S
YNTAX
ip source-guard binding
[
mode
{
acl
|
mac
}]
mac-address
vlan vlan-id ip-address interface ethernet unit/port
no
ip source-guard
binding
[
mode
{
acl
|
mac
}]
mac-address
vlan vlan-id
Table 24-10: IPv4 Source Guard Commands
Command
Function
Mode
Adds a static address to the source-guard binding
table
GC
Configures the switch to filter inbound traffic based
on source IP address, or source IP address and
corresponding MAC address
IC
Sets the maximum number of entries that can be
bound to an interface
IC
Sets the source-guard learning mode to search for
addresses in the ACL binding table or the MAC
address binding table
IC
Remove all blocked records
IC
Shows whether source guard is enabled or disabled
on each interface
PE
Shows the source guard binding table
PE, NE
Summary of Contents for SSE-G2252
Page 42: ...44 General IP Routing on page 627...
Page 603: ...Chapter 16 IP Configuration Setting the Switch s IP Address IP Version 6 609...
Page 883: ...Chapter 24 General Security Measures Port based Traffic Segmentation 894...
Page 989: ...Chapter 30 Congestion Control Commands Automatic Traffic Control Commands 1000 Console...
Page 1007: ...Chapter 33 Address Table Commands 1019...
Page 1137: ...Chapter 38 Quality of Service Commands 1150...