Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
679
Views
5
Helpful
5
Replies

IP SOURCE GUARD not work on EVE-NG

Go to solution
dragonhunt9111
Level 1
Level 1

ā€Ž10-24-2023 02:51 AM - last edited on ā€Ž10-25-2023 09:56 PM by Community Manager

Hello friends,

I test IP source guard on EVE-NG as below topo:

dragonhunt9111_0-1698140752309.png

I config on switch DHCP snooping and IP source guard. then VPC get IP from DHCP server (R1) ok

But dont know why after I enable IP source guard, VPC3 can not

ping to R1 192.168.1.1

(If i remove

IP SG

command, ping is ok again)

dragonhunt9111_2-1698140955854.png

This is showing on switch, it seems OK.

dragonhunt9111_1-1698140884774.png

This below is my configuration on Sw:

ip dhcp snooping vlan 1
no ip dhcp snooping information option
ip dhcp snooping

interface Ethernet0/0
ip dhcp snooping trust
!
interface Ethernet0/1
ip verify source
!
interface Ethernet0/2
ip verify source

 

Please help me.

Thank you!!

 

 

 

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Martin L
VIP
VIP

ā€Ž10-25-2023 08:03 AM - edited ā€Ž10-25-2023 10:13 PM

it does not work even with manual host binding

 ip source binding xyz
! example
ip source binding AABB.CC03.7000 vlan 2000 10.3.100.112 interface Fa0/0

while

ip dhcp snooping vlan 2000

snooping works fine;  IP source verify creates dynamic port ACL to filter traffic - that could be the issue. it must be virtual image incapability.

Regards, ML
**Please Rate All Helpful Responses **

View solution in original post

5 Replies 5

Go to solution
Martin L
VIP
VIP

ā€Ž10-24-2023 03:30 AM

what is this name of IOS image / version and is it implemented in this virtual IOS ?

Regards, ML
**Please Rate All Helpful Responses **

0 Helpful

Go to solution
dragonhunt9111
Level 1
Level 1
In response to Martin L

ā€Ž10-24-2023 03:32 AM

Hello Martin,

I use IOL in EVE-NG. This is show version of it.

Cisco IOS Software, Linux Software (I86BI_LINUXL2-ADVENTERPRISEK9-M), Version 15.2(CML_NIGHTLY_20190423)FLO_DSGS7, EARLY DEPLOYMENT DEVELOPMENT BUILD, synced to V152_6_0_81_E
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2019 by Cisco Systems, Inc.
Compiled Tue 23-Apr-19 02:38 by mmen

ROM: Bootstrap program is Linux

SW_L2 uptime is 51 minutes
System returned to ROM by reload at 0
System image file is "unix:/opt/unetlab/addons/iol/bin/i86bi_Linux-L2-Adventerprisek9-ms.SS"
Last reload reason: Unknown reason

 

0 Helpful

Go to solution
Martin L
VIP
VIP
In response to dragonhunt9111

ā€Ž10-25-2023 12:01 AM

i could not verify if this image supports IP source guard; will try later today as I think I have the same image; Does CML has newer version of L2/L3 switch image?  Note "Iron " image name keyword is missing which is a must have IOL image for proper L3 switching.

Regards, ML
**Please Rate All Helpful Responses **

Go to solution
paul driver
VIP
VIP

ā€Ž10-24-2023 11:40 PM

Hello
I believe Eve-ng/Virl images dont support IPSG and  you require a EMI image (Enhanced Multilayer Software) for it to work correctly.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the communityā€™s global network.

Kind Regards
Paul

Go to solution
Martin L
VIP
VIP

ā€Ž10-25-2023 08:03 AM - edited ā€Ž10-25-2023 10:13 PM

it does not work even with manual host binding

 ip source binding xyz
! example
ip source binding AABB.CC03.7000 vlan 2000 10.3.100.112 interface Fa0/0

while

ip dhcp snooping vlan 2000

snooping works fine;  IP source verify creates dynamic port ACL to filter traffic - that could be the issue. it must be virtual image incapability.

Regards, ML
**Please Rate All Helpful Responses **

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card