Enabling ip source guard on a port, Defining static ip source bindings, Enabling ip source guard per-port-per-vlan – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Enabling IP source guard on a port

You can enable IP Source Guard on DHCP snooping untrusted ports. Refer to DHCP snooping on page 336 for how to configure DHCP and DHCP untrusted ports.

By default, IP Source Guard is disabled. To enable IP Source Guard on a DHCP untrusted port, enter
the following commands.

device(config)#interface ethernet 1/4

device(config-if-e10000-1/4)#source-guard enable

The commands change the CLI to the interface configuration level for port 1/4 and enable IP Source
Guard on the port.

Syntax: [no] source-guard enable

Defining static IP source bindings

You can manually enter valid IP addresses in the binding database. To do so, enter a command such
as the following.

device(config)#ip source binding 10.10.10.1 e 2/4 vlan 4

Syntax: [no] ip source binding ip-address ethernet slotnum/portnum [vlan vlannum]

For ip-address, enter a valid IP address.

The slotnum parameter is required on chassis devices.

The portnum parameter is a valid port number.

The [vlan vlannum] parameter is optional. If you enter a VLAN number, the binding applies to that
VLAN only. If you do not enter a VLAN number, the static binding applies to all VLANs associated with
the port. Note that since static IP source bindings consume system resources, you should avoid
unnecessary bindings.

Enabling IP source guard per-port-per-VLAN

To enable IP Source Guard per-port-per-VLAN, enter commands such as the following.

device(config)#vlan 12 name vlan12

device(config-vlan-12)#untag ethernet 5 to 8

device(config-vlan-12)#tag ethernet 23 to 24

device(config-vlan-12)#exit

device(config)#int e 23

device(config-if-e1000-23)#per-vlan vlan12

device(config-if-e1000-23-vlan-12)#source-guard enable

The commands in this example configure port-based VLAN 12, and add ports e 5 - 8 as untagged ports
and ports e 23 - 24 as tagged ports to the VLAN. The last two commands enable IP Source Guard on
port e 23, a member of VLAN 12.

Syntax: [no] source-guard enable
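
As an added example (not part of the Brocade guide), the following Python script replays a command sequence in the forms shown above and reports where IP Source Guard is enabled and how each static binding is scoped. The input is constructed from this page's commands; the 10.10.10.2 binding, the extra `exit` and the function name `audit` are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed input: this page's commands without prompts. The 10.10.10.2
# binding and the "exit" after port 1/4 are added for the demonstration.
SAMPLE = """\
interface ethernet 1/4
source-guard enable
exit
ip source binding 10.10.10.1 e 2/4 vlan 4
ip source binding 10.10.10.2 e 2/5
vlan 12 name vlan12
untag ethernet 5 to 8
tag ethernet 23 to 24
exit
int e 23
per-vlan vlan12
source-guard enable
"""

IFACE = re.compile(r"^int(?:erface)?\s+e(?:thernet)?\s+(\S+)$")
PER_VLAN = re.compile(r"^per-vlan\s+(\S+)$")
BINDING = re.compile(
    r"^ip source binding\s+(\S+)\s+e(?:thernet)?\s+(\S+)(?:\s+vlan\s+(\d+))?$")


def audit(text):
    """Return (guarded, bindings) for a sequence of configuration commands."""
    guarded, bindings = [], []
    port = vlan = None  # current interface and per-VLAN context, if any
    for line in (raw.strip() for raw in text.splitlines()):
        if m := IFACE.match(line):
            port, vlan = m.group(1), None
        elif (m := PER_VLAN.match(line)) and port:
            vlan = m.group(1)
        elif line == "exit":
            port, vlan = (port, None) if vlan else (None, None)
        elif line.startswith("vlan "):
            port = vlan = None  # VLAN configuration level, not an interface
        elif line == "source-guard enable" and port:
            guarded.append((port, vlan or "port-wide"))
        elif line == "no source-guard enable" and port:
            entry = (port, vlan or "port-wide")
            guarded = [g for g in guarded if g != entry]
        elif m := BINDING.match(line):
            ipaddress.ip_address(m.group(1))  # ValueError on a malformed address
            # No VLAN given: the binding applies to all VLANs on the port.
            bindings.append((m.group(1), m.group(2), m.group(3) or "all VLANs"))
    return guarded, bindings
```

Bindings reported as "all VLANs" are the ones to review first, since the guide notes that static bindings consume system resources and an unscoped entry covers every VLAN associated with the port.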

Enabling IP source guard on a VE

To enable IP Source Guard on a virtual interface, enter commands such as the following.

device(config)#vlan 2

FastIron Ethernet Switch Security Configuration Guide

53-1003088-03