
Displaying ip source inspection status and ports, Ip source guard cam – Brocade Multi-Service IronWare Switching Configuration Guide (Supporting R05.6.00) User Manual


Multi-Service IronWare Switching Configuration Guide, 53-1003036-02

The vlan_number variable specifies the ID of a configured VLAN.

If the strict option is enabled, then a valid IP source address is bound to a particular source port. This
configuration can be learned from a DHCP reply, or manually configured.

NOTE

The strict mode requires DHCP relay-information insertion to be turned on.

Displaying IP source inspection status and ports

To display the IP Source Guard status for a VLAN, and the guarded or unguarded ports in the VLAN,
enter the show ip source-inspection vlan command. The sample output at the end of this section
displays the IP Source Inspection configuration for VLAN 10 in loose mode.

Syntax: show ip source-inspection [vlan vlan_id]

The vlan_id variable specifies the ID of a configured VLAN.

NOTE

This command is also available for debugging purposes on the Interface Module.

IP source guard CAM

The Brocade device uses a layer 4 ACL CAM to implement IP Source Guard. When an IP
or MAC binding is learned or configured on an IP Source Guarded VLAN port, a layer 4 ACL CAM is
programmed to allow valid source IP addresses.

When an ACL is manually configured, a configuration conflict occurs with IP Source Guard, because
IP Source Guard uses a layer 4 ACL CAM. The Brocade device gives the user ACL configuration a higher
priority: when both IP Source Guard and a user ACL are configured, the user ACL configuration takes
precedence over IP Source Guard.

IP Source Guard uses the layer 4 ACL CAM to check layer 2 switched traffic. When IP Source Guard is
configured, the layer 3 port check flag is turned on and all traffic from the same physical port is
subject to a layer 4 ACL check.

Brocade(config)#sh ip source-inspection vlan 10
IP Source Inspection configuration for VLAN 10:
Inspection mode: loose
un-guarded ports:
ethe 1/4 ethe 1/18
guarded ports:
ethe 1/20
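
The following Python parser is an added example, not part of the Brocade guide: it reads the show ip source-inspection output shown above and lists the ports in each VLAN that are not guarded, which is the check an auditor would run across many switches. It assumes the layout printed on this page, with ports listed individually as "ethe slot/port"; the function names are hypothetical.

```python
import re

SAMPLE = """\
Brocade(config)#sh ip source-inspection vlan 10
IP Source Inspection configuration for VLAN 10:
Inspection mode: loose
un-guarded ports:
ethe 1/4 ethe 1/18
guarded ports:
ethe 1/20
"""  # the output printed on this page, used as sample input

# Assumption: ports appear one by one as "ethe <slot>/<port>", as on this page.
PORT_RE = re.compile(r"ethe\s+(\d+/\d+)")

def parse_source_inspection(text):
    """Return {vlan_id: {"mode": str, "guarded": [...], "unguarded": [...]}}."""
    vlans, current, bucket = {}, None, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"IP Source Inspection configuration for VLAN (\d+):", line, re.I)
        if m:
            current = vlans.setdefault(
                int(m.group(1)), {"mode": None, "guarded": [], "unguarded": []})
            bucket = None
            continue
        if current is None:
            continue  # prompt line or anything before the first VLAN header
        m = re.match(r"Inspection mode:\s*(\S+)", line, re.I)
        if m:
            current["mode"] = m.group(1).lower()
            continue
        m = re.match(r"(un-?guarded|guarded) ports:(.*)", line, re.I)
        if m:
            bucket = "guarded" if m.group(1).lower() == "guarded" else "unguarded"
            line = m.group(2)  # ports may follow the label on the same line
        if bucket:
            current[bucket].extend(PORT_RE.findall(line))
    return vlans

def audit(vlans):
    """Return one finding per port that IP Source Guard does not cover."""
    findings = []
    for vid, info in sorted(vlans.items()):
        for port in info["unguarded"]:
            findings.append(f"VLAN {vid}: port {port} is not guarded (mode={info['mode']})")
    return findings

print("\n".join(audit(parse_source_inspection(SAMPLE))))
```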