Filters and QoS Configuration for ERS 5500
Technical Configuration Guide v2.0 NN48500-559
___________________________________________________________________________________________________________________________
Nortel Confidential Information Copyright © 2008 Nortel Networks. All Rights Reserved.
External Distribution
31
• 5500(config)#ip arp-inspection vlan 100
• 5500(config)#ip arp-inspection vlan 200
• 5500(config)#interface fastEthernet 1/24
• 5500(config-if)#ip arp-inspection trusted
• 5500(config-if)#exit
8.3 IP Source Guard IP source guard works together with the DHCP snooping binding table by provi ding security
against invalid source IP addresses. If enabled, the source IP address is c hecked against the
source IP address in the binding table on untrusted ports. If the incoming s ource IP address does
not match the IP address in the binding table, the packet is dropped. Pl ease note that manual
(static) assignment of IP addresses is not allowed as DHCP snooping does not support static
binding entries
8.3.1 IP Source Guard Configuration
Assuming DHCP snooping is already configured with untrusted port members 2-20, enter the
following commands:
• 5500(config)#interface fastEthernet 2-20
• 5500(config-if)#ip verify source
• 5500(config-if)#exit