07-31-2009 12:17 AM - edited 03-04-2019 05:36 AM
Hi Experts,
I am practising SOURCE GAURD using command "ip verify source".
I am aware that "source guard" feature will be used with DHCP snooping to verify IP Address. Also, "ip verify source port-security" can be enabled to verify the MAC Address.
If i donot have DHCP scenario, and if i want to enable source guard, how to do ?. where I have to configure the static IP Address mapping?
can anyone help me
sairam
Solved! Go to Solution.
07-31-2009 12:30 AM
Hello Sairam,
It is possible to run IP Source Guard without DHCP, however, setting up the mappings between the MACs and IPs can be tedious.
Check this document:
Specifically, you are looking for the command "ip source binding". It is described in the above document - check it up.
Best regards,
Peter
07-31-2009 12:30 AM
Hello Sairam,
It is possible to run IP Source Guard without DHCP, however, setting up the mappings between the MACs and IPs can be tedious.
Check this document:
Specifically, you are looking for the command "ip source binding". It is described in the above document - check it up.
Best regards,
Peter
08-04-2009 12:24 AM
Hi Sairam
if you do dot have a DHCP scenario, you have also to activate DHCP snooping for IP Source Guard to work. You have also to configure the port for "ip dhcp snooping untrusted".
If you use IP Source Guard with L2-Address verification, you have to to use dhcp snooping with option 82.
(the last one i have never seen working :-)
lg Herbert
08-04-2009 12:26 AM
the static mappings are configured like this
ip source binding 0014.3813.E877 vlan 1 10.1.20.200 interface Fa0/7
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide