Cisco Systems 4500 Manual

A SERVICE OF

next previous

45-25

Software Configuration Guide—Release 15.0(2)SG

OL-23818-01

Chapter 45 Configuring DHCP Snooping, IP Source Guard, and IPSG for Static Hosts

Configuring IP Source Guard for Static Hosts

Configuring IPSG for Static Hosts on a Layer 2 Access Port

You can configure IPSG for static hosts on a Layer 2 access port.

To enable IPSG for static hosts with IP filters on a Layer 2 access port, perform this task:

Command Purpose

Step 1

Switch(config)# ip device tracking

Turns on the IP host table.

Step 2

Switch(config)# ip device tracking [probe {count

count | interval interval}]

(Optional) Configures these parameters for the IP device

tracking table:

• count—Number of times that the switch sends the

ARP probe. The range is 1 to 5. The default is 3.

• interval—Number of seconds that the switch waits

for a response before resending the ARP probe. The

range is 30 to 300 seconds. The default is 30

seconds.

Step 3

Switch(config)# ip device tracking [probe {delay

interval}]

(Optional) Configures the optional probe delay

parameter for the IP device tracking table:

• interval—Number of seconds that the switch delays

sending an ARP probe, triggered by link-up and

ARP probe generation by the tracked device. The

range is 1 to 120 seconds. The default is 0 seconds.

Step 4

Switch(config)# interface fastEthernet a/b

Enters IP configuration mode.

Step 5

Switch(config-if)# switchport mode access

Configures a port as access.

Step 6

Switch(config-if)# switchport access vlan n

Configures the VLAN for this port.

Step 7

Switch(config-if)# ip device tracking maximum n

Establishes a maximum limit for the bindings on this

port.

Upper bound for the maximum is 10.

Step 8

Switch(config-if)# switchport port-security

(Optional) Activates port security for this port.

Step 9

Switch(config-if)# switchport port-security

maximum n

(Optional) Establishes a maximum number of MAC

addresses for this port.

Step 10

Switch(config-if)# ip verify source tracking

[port-security]

Activates IPSG for static hosts on this port.

Step 11

Switch(config-if)# end

Exits configuration interface mode.

Step 12

Switch# show ip verify source interface-name

Verifies the configuration.

Step 13

Switch# show ip device track all

[active | inactive] count

Verifies the configuration by displaying the IP-to-MAC

binding for a given host on the switch interface.

• all active—Displays only the active IP-to-MAC

binding entries.

• all inactive—Displays only the inactive IP-to-MAC

binding entries.

• all—Displays the active and inactive IP-to-MAC

binding entries.