Access Control Lists

3-109

3
Web – Click IP Source Guard, Port Configuration. Set the required filtering type for
each port and click Apply.
Figure 3-67 IP Source Guard Port Configuration
CLI – This example shows how to enable IP source guard on port 5 to check the
source IP address for ingress packets against the binding table.

Configuring Static Binding for IP Source Guard

Use the IP Source Guard Static Configuration page to bind a static address to a port.
Table entries include a MAC address, IP address, lease time, entry type (Static,
Dynamic), VLAN identifier, and port identifier. All static entries are configured with
an infinite lease time, which is indicated with a value of zero in the table.
Command Usage
Static addresses entered in the source guard binding table are automatically
configured with an infinite lease time. Dynamic entries learned via DHCP snooping
are configured by the DHCP server itself.
Static bindings are processed as follows:
- If there is no entry with the same VLAN ID and MAC address, a new entry is
added to the binding table using the type “static IP source guard binding.”
- If there is an entry with the same VLAN ID and MAC address, and the type of
entry is static IP source guard binding, then the new entry will replace the old
one.
Console(config)#interface ethernet 1/5
Console(config-if)#ip source-guard sip 4-139
Console(config-if)#end
Console#show ip source-guard 4-142
Interface Filter-type
--------- -----------
Eth 1/1 DISABLED
Eth 1/2 DISABLED
Eth 1/3 DISABLED
Eth 1/4 DISABLED
Eth 1/5 SIP
Eth 1/6 DISABLED
.
.
.