27-4
Cisco IE 2000 Switch Software Configuration Guide
OL-25866-01
Chapter 27 Configuring IP Source Guard
How to Configure IP Source Guard
You can enable this feature when 802.1x port-based authentication is enabled.
If the number of ternary content addressabl e memory (TCAM) entries exceeds the maximum, t he
CPU usage increases.
How to Configure IP Source Guard

Enabling IP Source Guard

Configuring IP Source Guard for Static Hosts on a Layer 2 Access Port

Command Purpose
Step 1 configure terminal Enters global configuration mode.
Step 2 interface interface-id Specifies the interface to be configured, and enters interface
configuration mode.
Step 3 ip verify source
or
ip verify source port-security
Enables IPSG with source IP address filtering.
Enables IPSG with source IP and MAC address filtering.
Note When you enable both IPSG and port security by using the ip
verify source port-security interface configuration command,
there are two caveats:
The DHCP server must support option-82, or the client is not
assigned an IP address.
The MAC address in the DHCP packet is not learned as a secure
address. The MAC address of the DHCP client is learned as a
secure address only when the switch receives non-DHCP data
traffic.
Step 4 exit Returns to global configuration mode.
Step 5 ip source binding mac-address vlan
vlan-id ip-address inteface interface-id
Adds a static IP source binding.
Enter this command for each static binding.
Step 6 end Returns to privileged EXEC mode.
Command Purpose
Step 1 configure terminal Enters global configuration mode.
Step 2 ip device tracking Opens the IP host table, and globally enables IP device
tracking.
Step 3 interface interface-id Enters interface configuration mode.
Step 4 switchport mode access Configures a port as access.
Step 5 switchport access vlan vlan-id Configures the VLAN for this port.