27-4
Cisco IE 2000 Switch Software Configuration Guide
OL-25866-01
Chapter 27 Configuring IP Source Guard
How to Configure IP Source Guard
• You can enable this feature when 802.1x port-based authentication is enabled.
• If the number of ternary content addressable memory (TCAM) entries exceeds the maximum, the
CPU usage increases.
How to Configure IP Source Guard
Enabling IP Source Guard
Configuring IP Source Guard for Static Hosts on a Layer 2 Access Port
Command Purpose
Step 1
configure terminal Enters global configuration mode.
Step 2
interface interface-id Specifies the interface to be configured, and enters interface
configuration mode.
Step 3
ip verify source
or
ip verify source port-security
Enables IPSG with source IP address filtering.
Enables IPSG with source IP and MAC address filtering.
Note When you enable both IPSG and port security by using the ip
verify source port-security interface configuration command,
there are two caveats:
• The DHCP server must support option-82, or the client is not
assigned an IP address.
• The MAC address in the DHCP packet is not learned as a secure
address. The MAC address of the DHCP client is learned as a
secure address only when the switch receives non-DHCP data
traffic.
Step 4
exit Returns to global configuration mode.
Step 5
ip source binding mac-address vlan
vlan-id ip-address inteface interface-id
Adds a static IP source binding.
Enter this command for each static binding.
Step 6
end Returns to privileged EXEC mode.
Command Purpose
Step 1
configure terminal Enters global configuration mode.
Step 2
ip device tracking Opens the IP host table, and globally enables IP device
tracking.
Step 3
interface interface-id Enters interface configuration mode.
Step 4
switchport mode access Configures a port as access.
Step 5
switchport access vlan vlan-id Configures the VLAN for this port.
