Configuring IP Source Guard
Command
Step 8
show ip source binding [ip-address]
[mac-address] [dhcp-snooping | static]
[inteface interface-id] [vlan vlan-id]
Step 9
copy running-config startup-config
To disable IP source guard with source IP address filtering, use the no ip verify source interface
configuration command.
To delete a static IP source binding entry, use the no ip source binding ip-address mac-address vlan
vlan-id inteface interface-id interface configuration command.
This example shows how to enable IP source guard with source IP and MAC filtering on VLANs 10
and 11:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# ip verify source port-security
Switch(config-if)# exit
Switch(config)# ip source binding 0100.0022.0010 vlan 10 10.0.0.2 interface
gigabitethernet1/0/2
Switch(config)# ip source binding 0100.0230.0002 vlan 11 10.0.0.4 interface
gigabitethernet1/0/2
Switch(config)# end
Switch# show ip verify source
Interface
---------
gi1/0/2
gi1/0/2
Switch# show ip source binding
MacAddress
--------------
01:00:00:22:00:10
01:00:00:22:00:10
01:00:02:30:00:02
Switch(config)# copy running-config startup-config
Catalyst 3750 Switch Software Configuration Guide
21-18
Purpose
Display the IP source bindings on the switch, on a specific VLAN, or on
a specific interface.
(Optional) Save your entries in the configuration file.
Filter-type
Filter-mode
-----------
-----------
ip-mac
active
ip-mac
active
IpAddress
---------------
10.0.0.2
10.0.0.2
10.0.0.9
Chapter 21
Configuring DHCP Features and IP Source Guard
IP-address
Mac-address
---------------
--------------
10.0.0.2
0100.0022.0010
10.0.0.4
0100.0230.0002
Lease(sec)
Type
----------
-------------
infinite
static
infinite
static
10000
dhcp-snooping
Vlan
---------
10
11
VLAN
Interface
----
--------------------
10
GigabitEthernet1/0/2
10
GigabitEthernet1/0/2
10
GigabitEthernet1/0/3
78-16180-02