22-25
Catalyst 3750 SwitchSoftware Configuration Guide
OL-8550-09
Chapter22 Configuring DHCP Features and IP Source Guard Features
Configuring IP Source Guard
Configuring IP Source Guard for Static Hosts on a Private VLAN Host Port
Note You must globally configure the ip device tracking maximum limit-number interface configuration
command globally for IPSG for static hosts to work. If you only configure this command on a port
without enabling IP device tracking globally or setting an IP device tracking maximum on that interface,
IPSG with static hosts will reject all the IP traffic from that interface. This requirement also applies to
IPSG with static hosts on a Layer 2 access port.
Beginning in privileged EXEC mode, follow these steps to configure IPSG for static hosts with IP filters
on a Layer 2 access port:
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 vlan vlan-id1 Enter VLAN configuration mode.
Step3 private-vlan primary Establish a primary VLAN on a private VLAN port.
Step4 exit Exit VLAN configuration mode.
Step5 vlan vlan-id2 Enter configuration VLAN mode for another VLAN.
Step6 private-vlan isolated Establish an isolated VLAN on a private VLAN port.
Step7 exit Exit VLAN configuration mode.
Step8 vlan vlan-id1 Enter configuration VLAN mode.
Step9 private-vlan association 201 Associate the VLAN on an isolated private VLAN port.
Step10 exit Exit VLAN configuration mode.
Step11 interface fastEthernet interface-id Enter interface configuration mode.
Step12 switchport mode private-vlan host (Optional) Establish a port as a private VLAN host.
Step13 switchport private-vlan host-association vlan-id1
vlan-id2
(Optional) Associate this port with the corresponding
private VLAN.
Step14 ip device tracking maximum number Establish a maximum for the number of static IPs that
the IP device tracking table allows on the port.
The maximum is 10.
Note You must globally configure the ip device
tracking maximum number interface command
for IPSG for static hosts to work.
Step15 ip verify source tracking [port-security] Activate IPSG for static hosts with MAC address
filtering on this port.
Step16 end Exit configuration interface mode.
Step17 show ip device tracking all Verify the configuration.
Step18 show ip verify source interface interface-id Verify the IP source guard configuration. Display IPSG
permit ACLs for static hosts.