User manual
Table Of Contents
- Introduction
- Product Overview
- Installation and Quick Startup
- Package Contents
- Switch Installation
- Installing the Switch in a Rack
- Quick Starting the Switch
- System Information Setup
- Quick Start up Software Version Information
- Quick Start up Physical Port Data
- Quick Start up User Account Management
- Quick Start up IP Address
- Quick Start up Uploading from Switch to Out-of-Band PC
- Quick Start up Downloading from Out-of-Band PC to Switch
- Quick Start up Downloading from TFTP Server
- Quick Start up Factory Defaults
- Console and Telnet Administration Interface
- Web-Based Management Interface
- Command Line Interface Structure and Mode-based CLI
- Switching Commands
- System Information and Statistics commands
- Device Configuration Commands
- Interface
- L2 MAC Address and Multicast Forwarding Database Tables
- VLAN Management
- Double VLAN commands
- GVRP and Bridge Extension
- IGMP Snooping
- IGMP Snooping Querier
- MLD Snooping
- MLD Snooping Querier
- Port Channel
- Storm Control
- L2 Priority
- Port Mirror
- Link State
- Port Backup
- FIP Snooping
- Enhanced Transmission Selection (ETS)
- Congestion Notification
- Management Commands
- Spanning Tree Commands
- System Log Management Commands
- Script Management Commands
- User Account Management Commands
- Security Commands
- CDP (Cisco Discovery Protocol) Commands
- SNTP (Simple Network Time Protocol) Commands
- MAC-Based Voice VLAN Commands
- LLDP (Link Layer Discovery Protocol) Commands
- Denial Of Service Commands
- VTP (VLAN Trunking Protocol) Commands
- Protected Ports Commands
- Static MAC Filtering Commands
- System Utilities
- DHCP Snooping Commands
- IP Source Guard (IPSG) Commands
- Dynamic ARP Inspection (DAI) Command
- Differentiated Service Command
- ACL Command
- IPv6 ACL Command
- CoS (Class of Service) Command
- Domain Name Server Relay Commands
- Routing Commands
- IP Multicast Commands
- IPv6 Commands
- Web-Based Management Interface
- Overview
- System Menu
- View ARP Cache
- Viewing Inventory Information
- Configuring Management Session and Network Parameters
- Defining Forwarding Database
- Viewing Logs
- Managing Switch Interface
- Defining sFlow
- Defining SNMP
- Viewing Statistics
- Managing System Utilities
- Managing CDP Function
- Defining Trap Manager
- Configuring SNTP
- Defining DHCP Client
- Defining DNS Relay Function
- Switching Menu
- Managing DHCP Snooping
- Managing IP Source Guard (IPSG)
- Managing Dynamic ARP Inspection (DAI)
- Managing Filters
- Managing Port-based VLAN
- Managing Protected Ports
- Managing Protocol-based VLAN
- Managing IP Subnet-based VLAN
- Managing MAC-based VLAN
- Managing MAC-based Voice VLAN
- Managing Voice VLAN
- Defining GARP
- Managing IGMP Snooping
- Managing IGMP Snooping Querier
- Managing MLD Snooping
- Managing MLD Snooping Querier
- Managing Port-Channel
- Viewing Multicast Forwarding Database
- Managing Spanning Tree
- Defining 802.1p priority
- Managing Port Security
- Managing LLDP
- Managing LLDP-MED
- Managing VTP
- Managing Link State
- Managing Port-Backup
- Managing FIP-Snooping
- Routing Menu
- Security Menu
- IPv6 Menu
- Configuring IPv6 Global Configuration Page
- Configuring IPv6 Interface Configuration Page
- Viewing IPv6 Interface Summary Page
- Viewing IPv6 Interface Statistics Page
- Viewing IPv6 Neighbor Table Information Page
- Viewing IPv6 Static Neighbor Table Information Page
- Managing OSPFv3 Protocol
- Managing IPv6 Routes
- Managing RIPv6
- QOS Menu
- IPv4 Multicast Menu
- IPv6 Multicast Menu
- 350 -
Syntax
ip dhcp snooping information option allow-untrusted
no ip dhcp snooping information option allow-untrusted
no - This command disallows DHCP packet received form untrusted port with option 82 data.
Default Setting
Disabled
Command Mode
Global Config
7.19 IP Source Guard (IPSG) Commands
IP Source Guard (IPSG) is a security feature that filters IP packets based on source ID. The source ID
may be either the source IP address or a {source IP address, source MAC address} pair. The DHCP
snooping binding database and static IPSG entries identify authorized source IDs. You can configure:
• Whether enforcement includes the source MAC address.
• Static authorized source IDs.
Similar to DHCP snooping, this feature is enabled on a DHCP snooping untrusted Layer 2 port. Initially, all
IP traffic on the port is blocked except for DHCP packets that are captured by the DHCP snooping
process. When a client receives a valid IP address from the DHCP server, or when a static IP source
binding is configured by the user, a per-port and VLAN Access Control List is installed on the port. This
process restricts the client IP traffic to those source IP addresses configured in the binding; any IP traffic
with a source IP address other than that in the IP source binding is filtered out. This filtering limits a host’s
ability to attack the network by claiming a neighbor host's IP address.
IPSG can be enabled on physical or LAG ports. IPSG is disabled by default. If you enable IPSG on a port
where DHCP snooping is disabled or where DHCP snooping is enabled but the port is trusted, all IP traffic
received on that port is dropped depending on the admin-configured IPSG entries. IPSG cannot be
enabled on a port-based routing interface.
7.19.1 Show Commands
7.19.1.1 show ip verify
This command displays the IPSG interface configurations on all ports.
Syntax