07-25-2018 06:59 AM - edited 07-25-2018 07:15 AM
SG300 switch
Hi,
Currently testing the IP Source Guard feature and planning to eventually roll it out in our network if all works well. I'm doing minor steps and I'm currently trying to enable source guard through the web interface on a specific test port (GE13) but the switch wouldn't let me and throws me this specific error:
-latest firmware
-DHCP snooping enabled and the port is untrusted
-no MAC/IP ACLs or ACEs are present on the switch
-switch runs in layer 2
-tried first disabling the port and then enabling source guard, same result
-port security not enabled
-ARP inspection not enabled
There isn't any mention in the documentation of an ACL that needs to be set:
I also saw this post from someone implementing this on an IOS switch, and while the SG300 doesn't have real IOS, he also doesn't use an ACL:
http://packetlife.net/blog/2009/may/25/ip-source-guard-without-dhcp/
What am I doing wrong? How can I make it work? Unless I'm overlooking something, this either looks like a firmware bug or a shortcoming in the documentation.
07-26-2018 11:56 PM
Anyone?
08-03-2018 07:16 AM
There's really no Cisco representative who can answer this question?