CLI Reference Guide-R05

Chapter 9 | General Security Measures
show ip dhcp snooping
This command shows the DHCP snooping configuration settings.
Command Mode
Privileged Exec
Example
Console#show ip dhcp snooping
Verify Source MAC-Address: enabled
Interface  Trusted    Circuit-ID mode  Circuit-ID Value
---------- ---------- ---------------- --------------------------------
Eth 1/1    No         VLAN-Unit-Port   ---
Eth 1/2    No         VLAN-Unit-Port   ---
Eth 1/3    No         VLAN-Unit-Port   ---
Eth 1/4    No         VLAN-Unit-Port   ---
Eth 1/5    No         VLAN-Unit-Port   ---
.
.
.
show ip dhcp snooping binding
This command shows the DHCP snooping binding table entries.
Command Mode
Privileged Exec
Example
Console#show ip dhcp snooping binding
MAC Address       IP Address      Lease(sec) Type                 VLAN Interface
----------------- --------------- ---------- -------------------- ---- ---------
11-22-33-44-55-66 192.168.0.99    0          Dynamic-DHCPSNP      1    Eth 1/5
Console#
IP Source Guard
IP Source Guard is a security feature that filters IP traffic on network interfaces
based on manually configured entries in the IP Source Guard table, or dynamic
entries in the DHCP Snooping table when enabled (see “DHCP Snooping” on
page 304). IP source guard can be used to prevent traffic attacks caused when a
host tries to use the IP address of a neighbor to access the network. This section
describes commands used to configure IP Source Guard.
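The following Python sketch is an added example, not part of the switch software or the original guide. It parses binding-table output in the format shown for "show ip dhcp snooping binding" and models the filter decision for source-IP-only and source-IP-plus-MAC checking. The second table row, the function names, and the check_mac parameter are assumptions made for illustration, and the matching logic is a simplified model of the feature.

```python
import re
from typing import NamedTuple

# Constructed sample in the "show ip dhcp snooping binding" format.
# The second row is invented for illustration.
SAMPLE = """\
MAC Address       IP Address      Lease(sec) Type                 VLAN Interface
----------------- --------------- ---------- -------------------- ---- ---------
11-22-33-44-55-66 192.168.0.99    0          Dynamic-DHCPSNP      1    Eth 1/5
00-10-B5-F4-00-01 192.168.0.23    86400      Dynamic-DHCPSNP      1    Eth 1/3
"""

class Binding(NamedTuple):
    mac: str
    ip: str
    vlan: int
    interface: str

ROW = re.compile(
    r"^((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s+(\d+\.\d+\.\d+\.\d+)\s+"
    r"\d+\s+\S+\s+(\d+)\s+(Eth \d+/\d+)\s*$")

def parse_bindings(text):
    """Return the Binding rows found in binding-table output."""
    out = []
    for line in text.splitlines():
        m = ROW.match(line)  # header and separator lines do not match
        if m:
            out.append(Binding(m[1].upper(), m[2], int(m[3]), m[4]))
    return out

def permitted(bindings, interface, vlan, src_ip, src_mac, check_mac=False):
    """Simplified model: forward only if a binding matches the packet.

    check_mac=False compares source IP only; check_mac=True also
    requires the corresponding MAC address (hypothetical parameter).
    """
    for b in bindings:
        if (b.interface, b.vlan, b.ip) != (interface, vlan, src_ip):
            continue
        if not check_mac or b.mac == src_mac.upper():
            return True
    return False

if __name__ == "__main__":
    table = parse_bindings(SAMPLE)
    # Host on Eth 1/3 sourcing the address bound to Eth 1/5 is filtered.
    print(permitted(table, "Eth 1/3", 1, "192.168.0.99", "00-10-B5-F4-00-01"))
    print(permitted(table, "Eth 1/5", 1, "192.168.0.99", "11-22-33-44-55-66", True))
```
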
Table 60: IP Source Guard Commands
Command                  Function                                                 Mode
ip source-guard binding  Adds a static address to the source-guard binding table  GC
ip source-guard          Configures the switch to filter inbound traffic based    IC
                         on source IP address, or source IP address and
                         corresponding MAC address