Manualshelf

Specifications

ManualsBrandsCisco ManualsDocking StationAccess Registrar 3.5
331332333334335336337338339340
2-278
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
Chapter 2 Cisco IOS Commands for the Catalyst 4500 Series Switches
ip verify source
ip verify source
To enable IP source guard on u ntrust ed Layer 2 inte rfaces, us e the ip verify source command. To disable
IP source guard on untrusted La yer 2 interfaces, use the no form of this command.
ip verify source {vlan dhcp-snooping | track ing } [po rt-s ec uri ty ]
no ip verify source {vlan dhcp-snooping | tracking} [port-security]
Syntax Description
Defaults I P sourc e guard is disabled.
Command Modes Global c onfiguratio n mode
Examples This exampl e shows how to enable IP source gua rd on VLANs 10 through 20 on a per-p ort basis:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip dhcp snooping
Switch(config)# ip dhcp snooping vlan 10 20
Switch(config)# interface fastethernet6/1
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk native vlan 10
Switch(config-if)# switchport trunk allowed vlan 11-20
Switch(config-if)# no ip dhcp snooping trust
Switch(config-if)# ip verify source vlan dhcp-snooping
Switch(config)# end
Switch# show ip verify source interface f6/1
Interface Filter-type Filter-mode IP-address Mac-address Vlan
--------- ----------- ----------- --------------- ----------------- ----------
Fa6/1 ip-mac active 10.0.0.1 10
Fa6/1 ip-mac active deny-all 11-20
Switch#
This example shows how to enable IP port security with IP-MAC filters on a Layer 2 access port:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip device tracking
Switch(config)# interface fastEthernet 4/3
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 1
Switch(config-if)# ip device tracking maximum 5
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 5
Switch(config-if)# ip verify source tracking port-security
Switch(config-if)# end
vlan dhcp-snooping Enables IP source guard on untrusted Layer 2 DHCP snooping interfaces.
tracking Enables IP port security to learn static IP address learning on a port.
port-security (Optio nal) Filters both source IP and MAC addresses using the port
security feature.