I need your help. I tried to search through the Internet but with no success. In our network we have one Cisco WS-C2960X-48TS-LL switch. However it's not possible to implement IP Source Guard and DAI because there is lack of "ip verify source" and "ip arp inspection" commands. IP DHCP Snooping works fine. On the switch is installed the latest and suggested IOS version 15.2.7E4.
Here is a bit of the config:
Index 1 Feature: lanbase
Period left: 0 minute 0 second
Index 2 Feature: lanlite
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Priority: Medium
License Count: Non-Counted
Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.2(7)E4, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2021 by Cisco Systems, Inc.
Compiled Mon 08-Mar-21 11:26 by prod_rel_team
ROM: Bootstrap program is C2960X boot loader
BOOTLDR: C2960X Boot Loader (C2960X-HBOOT-M) Version 15.2(6r)E, RELEASE SOFTWARE (fc1)
TPA-WAW-SW4 uptime is 3 weeks, 4 days, 16 hours, 6 minutes
System returned to ROM by reload
System restarted at 18:36:09 CEST Sat May 29 2021
System image file is "flash:/c2960x-universalk9-mz.152-7.E4.bin"
Last reload reason: power-on
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
If you require further assistance please contact us by sending email to
cisco WS-C2960X-48TS-LL (APM86XXX) processor (revision H0) with 262144K bytes of memory.
Processor board ID FOC1910S6NG
Last reset from power-on
1 Virtual Ethernet interface
1 FastEthernet interface
50 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 40:A6:E8:DB:A1:80
Motherboard assembly number : 73-15974-02
Power supply part number : 341-0537-02
Motherboard serial number : FOC19103ACM
Power supply serial number : DCB1905833G
Model revision number : H0
Motherboard revision number : B0
Model number : WS-C2960X-48TS-LL
Daughterboard assembly number : 73-14200-03
Daughterboard serial number : FOC19105YH6
System serial number : FOC1910S6NG
Top Assembly Part Number : 800-41471-01
Top Assembly Revision Number : C0
Version ID : V03
CLEI Code Number : COMGK00ARG
Daughterboard revision number : A0
Hardware Board Revision Number : 0x12
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 50 WS-C2960X-48TS-LL 15.2(7)E4 C2960X-UNIVERSALK9-M
Configuration register is 0xF
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#ip arp ?
gratuitous Gratuitous ARP control
poll IP ARP polling for unnumbered interfaces
proxy Global proxy ARP configuration
track ARP Track configuration
Switch(config)#int gigabitEthernet 0/20
Interface IP configuration subcommands:
access-group Specify access control for packets
admission Apply Network Admission Control
device IP Device tracking
dhcp Configure DHCP parameters for this interface
flow NetFlow related commands
igmp IGMP interface commands
Switch(config)#ip dhcp snooping ?
database DHCP snooping database agent
glean DHCP read only snooping
information DHCP Snooping information
verify DHCP snooping verify
vlan DHCP Snooping vlan
wireless DHCP snooping wireless
Is there any chance to implement IP Source Guard and DAI on that switch? I would be grateful for any suggestions
Thank you for your quick reply. However this Cisco Feature Navigator is not reliable in my case, because as well it doesn't show other older switches as Catalyst 3560x which has all the mentioned features. It also doesn't show that WS-C2960X-48TS-LL has DHCP snooping, what works on it as shown in the given output. I think this feature shows only most recent network devices.
This looks like a limitation on the current platform, i have tested with 29xx devices in my environment. Although we dont use the source gaurd feature. It did not work on 29xx but was working on 3550 and above.
Searched for command ref for the code train you are running could find anything there as well.
Let us know if you find anything