3 topology, 4 configurations, 5 validation commands – CANOGA PERKINS 9175 Configuration Guide User Manual

CanogaOS Configuration Guide

38-2

38.3 Topology

Figure 38-1: IP Source Guard

This figure is the networking topology for testing IP source guard functions.

38.4 Configurations

Create vlan and add interface to vlan

DUT#configure terminal

Enter the Configure mode.

DUT(config)#vlan database

Configure VLAN database.

DUT(config-vlan)#vlan 3

Create vlan 3.

DUT(config-vlan)#exit

Exit the Vlan Configure mode.

DUT(config)#interface eth-0-16

Enter the Interface Configure mode.

DUT(config-if)#switchport Make

sure the port is switch port.

DUT(config-if)#switchport access vlan 3

Add the port to vlan 3.

DUT(config-if)#exit Exit

the

Interface Configure mode.

Configure IP source guard

DUT(config)#ip source maximal binding number
per-port 15

Set maximal binding number per-port (optional, the
default number is 10).

DUT(config)#ip source binding mac 1111.1111.1111
vlan 3 ip 10.0.0.2 interface eth-0-16

Add static IP source guard binding item.

DUT(config)#interface eth-0-16

Enter the Interface Configure mode.

DUT(config-if)#ip verify source ip

Enable IP source guard feature on interface eth-0-16
(enable IP filtering).

DUT(config-if)#exit Exit

the

Interface Configure mode.

38.5 Validation Commands

Check all IP source guard binding items

DUT#show ip source binding
IP source guard binding table:
VLAN MAC Address Type IP Address Interface State
================================================================
3 1111.1111.1111 static 10.0.0.2 eth-0-16 ip