Ip source-guard – Brocade Communications Systems Brocate Ethernet Access Switch 6910 User Manual
Page 276
226
Brocade 6910 Ethernet Access Switch Configuration Guide
53-1002581-01
IP Source Guard
10
Command Usage
•
Table entries include a MAC address, IP address, lease time, entry type (Static-IP-SG-Binding,
Dynamic-DHCP-Binding), VLAN identifier, and port identifier.
•
All static entries are configured with an infinite lease time, which is indicated with a value of
zero by the
•
When source guard is enabled, traffic is filtered based upon dynamic entries learned via DHCP
snooping, or static addresses configured in the source guard binding table with this command.
•
Static bindings are processed as follows:
•
If there is no entry with same VLAN ID and MAC address, a new entry is added to binding
table using the type of static IP source guard binding.
•
If there is an entry with same VLAN ID and MAC address, and the type of entry is static IP
source guard binding, then the new entry will replace the old one.
•
If there is an entry with same VLAN ID and MAC address, and the type of the entry is
dynamic DHCP snooping binding, then the new entry will replace the old one and the entry
type will be changed to static IP source guard binding.
Example
This example configures a static source-guard binding on port 5.
Console(config)#ip source-guard binding 11-22-33-44-55-66 vlan 1 192.168.0.99
interface ethernet 1/5
Console(config-if)#
Related Commands
ip source-guard (226)
ip dhcp snooping (216)
ip dhcp snooping vlan (220)
ip source-guard
This command configures the switch to filter inbound traffic based source IP address, or source IP
address and corresponding MAC address. Use the no form to disable this function.
Syntax
ip source-guard {sip | sip-mac}
no ip source-guard
sip - Filters traffic based on IP addresses stored in the binding table.
sip-mac - Filters traffic based on IP addresses and corresponding MAC addresses stored in
the binding table.
Default Setting
Disabled
Command Mode
Interface Configuration (Ethernet)