IP Source Guard

IP Source Guard 3

Web – Click DHCP Snooping, DHCP Snooping Binding Information.

Figure 3-118 DHCP Snooping Binding Information

CLI – This example shows how to display the DHCP Snooping binding table entries.

Console#show ip dhcp snooping binding			4-237
MacAddress	IpAddress	Lease(sec) Type	VLAN
Interface

----------------- --------------- ---------- -------------------- ---- --

11-22-33-44-55-66 192.168.0.990 Dynamic1 Eth 1/5

Console#

IP Source Guard is a security feature that filters IP traffic on network interfaces based on manually configured entries in the IP Source Guard table, or static and dynamic entries in the DHCP Snooping table when enabled (see “DHCP Snooping” on page 3-186). IP source guard can be used to prevent traffic attacks caused when a host tries to use the IP address of a neighbor to access the network. This section describes commands used to configure IP Source Guard.

Note: Due to a chip limitation, IP source guard and Quality of Service (only for IP related QoS function) cannot be enabled at the same time. Thus, if the user has already enabled the IP source guard function, it needs to be disabled first in order for the QoS function to work and vice versa.

IP Source Guard Port Configuration

IP Source Guard is used to filter traffic on an unsecure port which receives messages from outside the network or firewall, and therefore may be subject to traffic attacks caused by a host trying to use the IP address of a neighbor.

When enabled, traffic is filtered based upon dynamic entries learned via DHCP snooping or static addresses configured in the source guard binding table. An inbound packet’s IP address (sip option) or both its IP address and corresponding MAC address (sip-mac option) are checked against the binding table. If no matching entry is found, the packet is dropped.

3-191

Page 235

Image 235

SMC Networks SMC8150L2 IP Source Guard Port Configuration, Web Click Dhcp Snooping, Dhcp Snooping Binding Information

Contents

Management Guide Page TigerSwitch 10/100/1000 Management Guide Page Contents Page Iii Page Command Line Interface Page Vii Viii Contents Page Contents Xii Xiii Appendix a Software SpecificationsAppendix B Troubleshooting Glossary Index Xiv Tables Xvi Xvii Xviii Xix Figures Figures Xxi Xxii Key Features Key FeaturesFeature Description Introduction Description of Software Features Description of Software Features Introduction Description of Software Features System Defaults System DefaultsFunction Parameter Default Client Enabled System Defaults Function Parameter Sntp Configuration Options Connecting to the Switch Required Connections Initial Configuration Remote Connections Basic ConfigurationConsole Connection Setting an IP Address Setting PasswordsManual Configuration Dynamic Configuration Enabling Snmp Management Access Trap Receivers Configuring Access for Snmp Version 3 Clients Saving Configuration Settings Managing System Files Initial Configuration Using the Web Interface Configuring the Switch Home Navigating the Web Browser Interface Revert Apply Help Configuration Options ActionPanel Display Button Main Menu Description Main MenuSystem System Information ACL Configuration Allows ports to dynamically join trunks 116 STA 131 Class-of-service value122 Current Table 152 Query Igmp Filter ConfigurationConfiguration Settings Igmp Filter/Throttling Trunk Configuration Settings 185 Dhcp Snooping 186 Configuration183 Cache Field Attributes Displaying System Information Management Software Displaying Switch Hardware/Software VersionsCLI Specify the hostname, location and contact information Main Board Switch Information Web Click System, Switch Information Displaying Bridge Extension Capabilities Bridge Extension Configuration CLI Enter the following command Setting the Switch’s IP AddressCommand Attributes Manual IP Configuration Dhcp IP Configuration Using DHCP/BOOTP Managing Firmware Enabling Jumbo Frames Copy Firmware Downloading System Software from a Server 11 Deleting Files Saving or Restoring Configuration Settings 12 Downloading Configuration Settings for Startup Downloading Configuration Settings from a Server 13 Setting the Startup Configuration Settings Console Port Settings 14 Console Port Settings Telnet Settings 15 Enabling Telnet Displaying Log Messages Configuring Event Logging Logging Levels System Log ConfigurationError resource exhausted CLI This example shows the event message stored in RAM 17 System Logs Remote Log Configuration 18 Remote Logs Simple Mail Transfer Protocol 19 Enabling and Configuring Smtp Renumbering the System Resetting the System Configuring Sntp Setting the System Clock 23 Setting the System Clock Setting the Time Zone Access Mode Setting Community Access StringsSimple Network Management Protocol Specifying Trap Managers and Trap Types 24 Configuring Snmp Community Strings Enabling Snmp Agent Status 25 Configuring IP Trap Managers Setting the Local Engine ID Configuring SNMPv3 Management AccessCLI This example sets an SNMPv3 engine ID Specifying a Remote Engine ID Configuring SNMPv3 UsersCLI This example specifies a remote SNMPv3 engine ID Configuring the Switch 29 Configuring SNMPv3 Users 30 Configuring Remote SNMPv3 Users Configuring Remote SNMPv3 Users Subsequent to its election Configuring SNMPv3 GroupsTopology Change Timer immediately Supported Notification Messages Rmon Events SNMPv2 Traps ChangeTrap SwIpFilterRejectTrap 6.1.4.1.202.20.68.2.1.0.1 Private Traps SwPowerStatus 6.1.4.1.202.20.68.2.1.0.1PD Powered Device. This notification is Mode PethPsePortPower 6.1.4.1.202.20.68.2.1.0.1 31 Configuring SNMPv3 Groups 32 Configuring SNMPv3 Views Setting SNMPv3 Views Configuring User Accounts User Authentication 33 Access Levels Command Usage Configuring Local/Remote Logon Authentication Tacacs Settings Radius Settings 34 Authentication Settings User Authentication Https System Support Web Browser Operating System Configuring Https Replacing the Default Secure-site Certificate Configuring the Secure Shell User Authentication SSH server includes basic settings for authentication Configuring the SSH Server Generating the Host Key Pair 37 SSH Host-Key Settings Configuring Port Security 38 Configuring Port Security Configuring 802.1X Port Authentication 802.1X protocol provides client authentication Displaying 802.1X Global Settings Web Click Security, 802.1X, Information Configuring 802.1X Global SettingsCLI This example shows the default global setting for CLI This example enables 802.1X globally for the switch Authorized Configuring Port Settings for 41 802.1X Port Configuration Consoleconfig#interface ethernet 1/2 802.1X Statistics Displaying 802.1X StatisticsParameter Description Configuring Access Control Lists Access Control ListsCLI This example displays the 802.1X statistics for port CLI This example creates a standard IP ACL named david Setting the ACL Name and Type Configuring an Extended IP ACL Configuring a Standard IP ACL Configuring the Switch 45 Configuring Extended IP ACLs Configuring a MAC ACL This switch supports ACLs for ingress filtering only Binding a Port to an Access Control List 47 Configuring ACL Port Binding Filtering IP Addresses for Management Access 48 Creating an IP Filter List Field Attributes Web Port ConfigurationCLI This example allows Snmp access for a specific client Displaying Connection Status Web Click Port, Port Information or Trunk Information ConfigurationBasic Information Current Status Configuring Interface Connections 50 Port/Trunk Configuration Creating Trunk Groups 51 Configuring Static Trunks Statically Configuring a Trunk 131 Enabling Lacp on Selected Ports 52 Lacp Trunk Configuration Dynamically Creating a Port Channel Configuring Lacp Parameters 53 Lacp Port Configuration Field Description Displaying Lacp Port CountersYou can display statistics for Lacp protocol messages Lacp Port Counters CLI The following example displays Lacp counters 54 Lacp Port Counters Information Lacp Internal Configuration Information Displaying Lacp Settings and Status for the Local Side 55 Lacp Port Internal Information Lacp Neighbor Configuration Information Field Description Displaying Lacp Settings and Status for the Remote Side Setting Broadcast Storm Thresholds 57 Port Broadcast Control 58 Mirror Port Configuration Configuring Port Mirroring Rate Limit Configuration Configuring Rate Limits Showing Port Statistics Etherlike Statistics 10 Port Statistics Formed Oversize Frames Or alignment error Received BytesRmon Statistics Drop Events Resources Jabbers 60 Port Statistics Setting Static Addresses Address Table SettingsCLI This example shows statistics for port Displaying the Address Table 61 Configuring a Static Address Table 62 Configuring a Dynamic Address Table Changing the Aging Time Spanning Tree Algorithm ConfigurationCLI This example sets the aging time to 300 seconds Spanning Tree Algorithm Configuration 104 Displaying Global Settings 64 Displaying Spanning Tree Information Global settings apply to the entire switch Configuring Global Settings Root Device Configuration Basic Configuration of Global Settings Configuration Settings for Mstp Configuration Settings for Rstp 65 Configuring Spanning Tree Displaying Interface Settings 112 CLI This example shows the STA attributes for port 66 Displaying Spanning Tree Port Information Configuring Interface Settings CLI This example sets STA attributes for port 67 Configuring Spanning Tree per Port Configuring Multiple Spanning Trees 68 Configuring Multiple Spanning Trees MST Instance ID Instance identifier to configure. Default Displaying Interface Settings for Mstp 69 Displaying Mstp Interface Settings Configuring Interface Settings for Mstp 121 Ieee 802.1Q VLANs Vlan ConfigurationCLI This example sets the Mstp attributes for port Assigning Ports to VLANs 124 CLI This example enables Gvrp for the switch Enabling or Disabling Gvrp Global SettingForwarding Tagged/Untagged Frames Displaying Basic Vlan Information Command Attributes WebDisplaying Current VLANs 73 Displaying Current VLANs Command Attributes CLI 175 Creating VLANs CLI This example creates a new Vlan Adding Static Members to VLANs Vlan Index 130 Adding Static Members to VLANs Port Index 75 Configuring a Vlan Static Table Configuring Vlan Behavior for Interfaces 77 Configuring VLANs per Port Configuring Ieee 802.1Q Tunneling Layer 2 Flow for Packets Coming into a Tunnel Access Port Layer 2 Flow for Packets Coming into a Tunnel Uplink Port General Configuration Guidelines for QinQ Configuration Limitations for QinQ 78 802.1Q Tunnel Status Enabling QinQ Tunneling on the Switch Adding an Interface to a QinQ Tunnel CLI This example sets the switch to operate in QinQ mode 79 Tunnel Port Configuration 45-1 CLI This example enables private VLANs Configuring Private VLANsEnabling Private VLANs Protocol Vlan Group Configuration Configuring Uplink and Downlink PortsProtocol VLANs 82 Protocol Vlan Configuration Configuring Protocol Vlan Interfaces Layer 2 Queue Settings Class of Service ConfigurationSetting the Default Priority for Interfaces 11 Mapping CoS Values to Egress Queues Port Priority ConfigurationCLI This example assigns a default priority of 5 to port Mapping CoS Values to Egress Queues Spare 12 CoS Priority LevelsPriority Level Traffic Type Background Enabling CoS Selecting the Queue Mode 87 Queue Mode Setting the Service Weight for Traffic Classes Mapping Layer 3/4 Priorities to CoS Values Layer 3/4 Priority SettingsSelecting IP Precedence/DSCP Priority 13 Mapping IP Precedence Mapping IP Precedence 90 Mapping IP Precedence Priority Values 10, 12, 14 18, 20, 22 26, 28, 30, 32, 34 38, 40 Mapping Dscp Priority14 Mapping Dscp Priority Values IP Dscp Value CoS Value 92 IP Port Priority Status Mapping IP Port Priority 93 IP Port Priority Quality of Service Configuring a Class Map Configuring Quality of Service ParametersClass map is used for matching packets to a specified class Match Class Settings Class ConfigurationClass Map 94 Configuring Class Maps Creating QoS Policies Policy ConfigurationPolicy Map Policy Options Policy Rule Settings Class Settings 95 Configuring Policy Maps Attaching a Policy Map to Ingress Queues 96 Service Policy Settings Layer 2 Igmp Snooping and Query Multicast Filtering Configuring Igmp Snooping and Query Parameters Enabling Igmp Immediate Leave 97 Igmp Configuration 98 Igmp Immediate Leave Displaying Interfaces Attached to a Multicast Router 99 Displaying Multicast Router Port Information Specifying Static Interfaces for a Multicast Router 100 Static Multicast Router Port Configuration Displaying Port Members of Multicast Services 101 IP Multicast Registration Table Assigning Ports to Multicast Services 102 Igmp Member Port Table Igmp Filtering and Throttling 103 Enabling Igmp Filtering and Throttling Enabling Igmp Filtering and Throttling Configuring Igmp Filtering and Throttling for Interfaces 104 Igmp Filter and Throttling Port Configuration Configuring Igmp Filter Profiles 105 Igmp Profile Configuration Multicast Vlan Registration General Configuration Guidelines for MVR Configuring Global MVR Settings Displaying MVR Interface Status 106 MVR Global Configuration 107 MVR Port Information Web Click MVR, Port or Trunk Information 108 MVR Group IP Information Displaying Port Members of Multicast Groups MVR Vlan Configuring MVR Interface Status Assigning Static Multicast Groups to Interfaces Web Click MVR, Port or Trunk Configuration Configuring General DNS Service Parameters Configuring Domain Name Service 111 DNS General Configuration 238 Configuring Static DNS Host to Address Entries 112 DNS Static Host Table 113 DNS Cache Displaying the DNS Cache Dhcp Snooping Web Click Dhcp Snooping, Configuration Dhcp Snooping Configuration CLI This example first enables Dhcp Snooping for Vlan Dhcp Snooping Vlan ConfigurationDhcp Snooping Information Option Configuration Enables Dhcp snooping on the specified Vlan Trust Status Enables or disables port as trusted Dhcp Snooping Port Configuration Dhcp Snooping Binding Information 117 Dhcp Snooping Port Configuration IP Source Guard IP Source Guard Port ConfigurationWeb Click Dhcp Snooping, Dhcp Snooping Binding Information 119 IP Source Guard Port Configuration Static IP Source Guard Binding Configuration Dynamic IP Source Guard Binding Information 120 Static IP Source Guard Binding Configuration Web Click IP Source Guard, Dynamic Information Switch Clustering 122 Cluster Member Choice Cluster Configuration Web Click Cluster, Configuration Cluster Member ConfigurationAdds Candidate switches to the cluster as Members Displays current cluster Member switch information Web Click Cluster, Member ConfigurationCluster Member Information 126 Cluster Candidate Information Cluster Candidate Information Accessing the CLI Using the Command Line Interface Telnet Connection Keywords and Arguments Entering CommandsCommand Completion Getting Help on Commands Showing Commands Partial Keyword Lookup Negating the Effect of CommandsUsing Command History Understanding Command Modes Command Modes Exec Commands Configuration Modes Command Prompt Configuration CommandsConsoleconfig-if# 120 Command Line Processing Command Line ProcessingKeystroke Function Command Groups Description Command Groups Line Commands Function Mode Line Commands Line Login No password is specified PasswordUsername 4-25 password Syntax Password 0 7 password no password Exec-timeout Timeout login response Syntax Exec-timeout seconds no exec-timeout Password-threshSyntax Password-thresh threshold no password-thresh Databits Silent-timeSyntax Silent-time seconds no silent-time Syntax Databits 7 8 no databits ParitySyntax Parity none even odd no parity Syntax Stopbits 1 SpeedStopbits Syntax Speed bps no speed Syntax Show line console vty DisconnectShow line Syntax Disconnect session-id General Commands Function Mode General CommandsEnable To show all lines, enter this command Level DisableDisable Enable password Enable Show history Configure End Reload Quit This command exits the configuration programThis example shows how to quit a CLI session Exit Device Designation Commands System Management CommandsPrompt Username User Access CommandsUser Access Commands Function Mode Hostname 10 Default Login Settings Username Access-level Password Enable passwordGuest Admin 11 IP Filter Commands Function Mode IP Filter CommandsManagement All addresses Show management Ip http port Web Server Commands12 Web Server Commands Function Mode Default Setting Command Mode Ip http secure-server Syntax No ip http server Default SettingSyntax No ip http secure-server Default Setting Ip http server Portnumber The UDP port used for HTTPS. Range Ip http secure-port13 Https System Support Web Browser Operating System Ip http secure-port4-31 Copy tftp https-certificate Ip http secure-server4-30 Telnet Server Commands14 Telnet Server Commands Function Mode Ip telnet port Ip telnet server Secure Shell CommandsSyntax No ip telnet server Default Setting 15 SSH Commands Function Mode Copy tftp public-key Ip ssh server Syntax No ip ssh server Default Setting Ip ssh crypto host-key generate 4-38 show ssh Ip ssh timeoutSyntax Ip ssh timeout seconds no ip ssh timeout Exec-timeout4-13 show ip ssh Bits Ip ssh authentication-retriesIp ssh server-key size Key-size- The size of server key. Range 512-896 bits Syntax Ip ssh crypto host-key generate dsa rsa Delete public-keyIp ssh crypto host-key generate Syntax Delete public-key username dsa rsa Syntax Ip ssh save host-key dsa rsa Ip ssh crypto zeroizeIp ssh save host-key Syntax Ip ssh crypto zeroize dsa rsa Ip ssh crypto host-key generate This command displays the current SSH server connectionsShow ip ssh Show ssh Terminology Show public-keySyntax Show public-key user username host Console#show public-key host Host Logging on Event Logging Commands17 Event Logging Commands Function Mode Syntax No logging on Default Setting Logging history Flash errors level 3 RAM warnings level 618 Logging Levels Hostipaddress The IP address of a syslog server Logging hostLogging facility Syntax No logging host hostipaddress Syntax Clear logging flash ram Logging trapClear logging Syntax Logging trap level no logging trap Syntax Show logging flash ram sendmail trap Show logging19 show logging flash/ram display description Show log Facility commandLogging trap command Syntax Show log flash ram login tail Following example shows sample messages stored in RAM Smtp Alert Commands21 Smtp Alert Commands Function Mode Logging sendmail host Syntax Logging sendmail level level Logging sendmail level This example will set the source email john@acme.com Logging sendmail source-emailLogging sendmail destination-email Syntax No logging sendmail source-email email-address Logging sendmail Syntax No logging sendmail Default SettingShow logging sendmail Sntp client Time Commands22 Time Commands Function Mode Syntax No sntp client Default Setting Sntp client 4-53 sntp poll 4-55 show sntp Sntp serverSntp server 4-54 sntp poll 4-55 show sntp Syntax Sntp server ip1 ip2 ip3 Sntp client Sntp pollShow sntp Syntax Sntp poll seconds no sntp poll Calendar set hour min sec day month year month day year Clock timezoneCalendar set Syntax 23 System Status Commands Function Mode System Status CommandsShow startup-config This command displays the system clock Command Line Interface Show running-config4-59 Show running-config Show startup-config4-57 Show system This command displays system informationShow users Show version Syntax No jumbo frame Default Setting Frame Size Commands24 Frame Size Commands Function Mode Jumbo frame Enables support for jumbo frames Copy Flash/File Commands25 Flash/File Commands Function Mode Copy Flash/File Commands Following example shows how to download a configuration file Dir Delete public-key4-38 This command deletes a file or imageDelete Delete unit filename Column Heading Description Syntax Dir unit boot-rom config opcode filenameDir 26 File Directory Information Syntax Boot system unit boot-romconfig opcode filename WhichbootBoot system Syntax whichboot unit 27 Authentication Commands Command Group Function Authentication CommandsAuthentication Sequence Dir 4-68 whichboot Username for setting the local user names and passwords Authentication loginLocal Authentication enable Show radius-server Shows the current Radius settings 29 Radius Client Commands Function ModeRadius Client Radius-server port Default Setting Auth-portRetransmit Command Mode Radius-server host Radius-server retransmit Radius-server keySyntax Radius-server key keystring no radius-server key Show radius-server Radius-server timeout Tacacs-server port 30 Tacacs Commands Function ModeTACACS+ Client Tacacs-server host Show tacacs-server Tacacs-server keySyntax Tacacs-server key keystring no tacacs-server key Interface Configuration Ethernet Port Security Commands31 Port Security Commands Function Mode Status Disabled Action None Maximum Addresses Command Usage Dot1x system-auth-control 802.1X Port Authentication32 802.1X Port Authentication Command Function Mode Syntax No dotx system-auth-control Default Setting Dot1x port-control Dot1x defaultDefault Command Mode Dot1x max-req Force-authorized Dot1x operation-modeSingle-host Dot1x re-authentication Dot1x re-authenticateDot1x timeout quiet-period Dot1x timeout tx-period Dot1x timeout re-authperiod Syntax Show dot1x statistics interface interface Show dot1xStatistics Displays dot1x status for each port Backend State Machine Authenticator State MachineReauthentication State Machine State Current state including initialize, reauthenticate Command Line Interface Access Control Lists Access Control List Commands33 Access Control Lists Command Groups Function IP ACLs Access-list ip34 IP ACLs Command Function Mode Syntax No access-list ip standard extended aclname Standard ACL Permit, deny Ip access-group4-93 show ip access-list4-93Access-list ip Syntax No permit deny any source bitmask host source Source-port sport end destination-port dport end Any destination address-bitmask host destinationExtended ACL Syntax No ip access-group aclname Show ip access-listIp access-group Syntax Show ip access-list standard extended aclname Show ip access-list4-93 Show ip access-groupThis command shows the ports assigned to IP ACLs Permit, deny Mac access-group4-98 show mac access-list4-97 Access-list mac35 MAC ACL Commands Function Mode Syntax No access-list mac aclname Permit, deny MAC ACL Permit, deny Mac access-group4-98 Show mac access-listThis command displays the rules for configured MAC ACLs Syntax Show mac access-list aclname Show mac access-list4-97 Mac access-groupShow mac access-group Syntax Mac access-group aclname ACL Information Show access-listShow access-group 36 ACL Information Command Function Mode 37 Snmp Commands Function Mode Snmp Commands Snmp-server Syntax No snmp-server Default SettingShow snmp Snmp-server community Syntax Snmp-server location text no snmp-server location Snmp-server contactSnmp-server location Syntax Snmp-server contact string no snmp-server contact Host Address None Notification Type Traps Snmp-server host Snmp Version UDP Port Snmp-server enable traps Snmp-server enable trapsIssue authentication and link-up-down traps Snmp-server engine-id This example shows the default engine ID This command shows the Snmp engine IDShow snmp engine-id This view includes MIB-2 Defaultview includes access to the entire MIB treeSnmp-server view Examples 39 show snmp view display description This command shows information on the Snmp viewsShow snmp view Snmp-server group Consoleconfig#snmp-server group r&d v3 auth write daily Show snmp group 40 show snmp group display description Snmp-server user 114 Show snmp user This command shows information on Snmp users41 show snmp user display description Port-channel channel-idRange Interface Commands42 Interface Commands Function Mode Interface Speed-duplex DescriptionSyntax Description string no description Negotiation Syntax No negotiation Default SettingNegotiation 4-118 capabilities Capabilities Following example configures port 11 to use autonegotiationCapabilities 4-119speed-duplex4-117 Flowcontrol Syntax No flowcontrol Default SettingNegotiation 4-118speed-duplex4-117 flowcontrol Shutdown Syntax No shutdown Default Setting Syntax Clear counters interface Switchport broadcast packet-ratePort-channel channel-idRange Default Setting Clear counters Syntax Show interfaces status interface This command displays the status for an interfaceShow interfaces status Following example clears statistics on port Shows the counters for all interfaces This command displays interface statisticsShow interfaces counters Syntax Show interfaces counters interface Syntax Show interfaces switchport interface Show interfaces switchportShows all interfaces 43 Interfaces Switchport Statistics Interface ethernet unit/port source port Mirror Port Commands44 Mirror Port Commands Function Mode Port monitor Syntax Show port monitor interface This command displays mirror informationFollowing shows mirroring configured from port 6 to port Show port monitor Rate-limit Rate Limit CommandsGigabit Ethernet 1000 Mbps 123 Link Aggregation Commands46 Link Aggregation Commands 135 Dynamically Creating a Port Channel Channel-groupGuidelines for Creating Trunks General Guidelines Lacp Syntax No lacp Default SettingFollowing example creates trunk 1 and then adds port 32768 Lacp system-priority Lacp admin-keyEthernet Interface Interface Configuration Port Channel Lacp admin-key Port Channel Lacp port-priority This command displays Lacp informationShow lacp LACPDUs Illegal Pkts Port Channel all47 show lacp counters display description Type 48 show lacp internal display description 50 show lacp sysid display description 49 show lacp neighbors display description Action Address Table Commands51 Address Table Commands Function Mode Mac-address-table static Show mac-address-table Clear mac-address-table dynamicMac-address- MAC address Mask Bits to match in the address Sort Sort by address, vlan or interface Mac-address-table aging-time Show mac-address-table aging-time 52 Spanning Tree Commands Function Mode Spanning Tree Commands Spanning-tree Spanning-tree modeSyntax No spanning-tree Default Setting Spanning tree is enabled Spanning-tree forward-time Spanning-tree hello-time Spanning-tree priority Spanning-tree max-age Long method Spanning-tree pathcost method Count The transmission limit in seconds. Range Spanning-tree mst-configurationThis command limits the maximum transmission rate for BPDUs Spanning-tree transmission-limit No mst instanceid vlan vlan-range MST ConfigurationMst vlan Mst priority Name Name of the spanning tree Switch’s MAC addressName Syntax Name name Max-hopshop-number RevisionMax-hops Syntax Revision number Spanning-tree cost Spanning-tree spanning-disabledSyntax No spanning-tree spanning-disabled Default Setting This example disables the spanning tree algorithm for port Priority The priority for a port. Range 0-240, in steps Spanning-tree port-priority Spanning-tree portfast Syntax No spanning-tree edge-port Default SettingSyntax No spanning-tree portfast Default Setting Spanning-tree edge-port Spanning-treeedge-port4-156 Spanning-tree link-typeAuto Spanning-tree mst cost Spanning-tree mst port-priority4-159 Spanning-tree mst port-priority Syntax Spanning-tree protocol-migration interface Port-channel channel-idRange Command ModeSpanning-tree protocol-migration Show spanning-tree Mstp Show spanning-tree mst configuration 54 Gvrp and Bridge Extension Commands Function Mode Vlan CommandsGvrp and Bridge Extension Commands 53 VLANs Command Groups Function Bridge-ext gvrp Syntax No bridge-ext gvrp Default SettingShow bridge-ext Syntax Show gvrp configuration interface Switchport gvrpShow gvrp configuration Syntax No switchport gvrp Default Setting Show garp timer Garp timer Vlan database Syntax Show garp timer interface55 Editing Vlan Groups Command Function Mode Editing Vlan Groups Show vlan By default only Vlan 1 exists and is activeVlan Database Configuration Vlan Interface vlan Configuring Vlan Interfaces56 Configuring Vlan Interfaces Command Function Mode Interface vlan All ports are in hybrid mode with the Pvid set to Vlan Switchport modeSwitchport acceptable-frame-types4-171 All frame types Switchport acceptable-frame-typesSwitchport ingress-filtering Switchport mode Switchport native vlan Switchport allowed vlan No VLANs are included in the forbidden list Switchport forbidden vlan Displaying Vlan Information 57 Show Vlan Commands Function ModeShow vlan Dot1q-tunnel system-tunnel-control Configuring Ieee 802.1Q Tunneling58 Ieee 802.1Q Tunneling Commands Function Mode General Configuration Guidelines for QinQ Show dot1q-tunnel4-178 Show interfaces switchport Switchport dot1q-tunnel mode Show dot1q-tunnel Switchport dot1q-tunnel tpidRelated Commands This command displays information about QinQ tunnel ports 59 Private Vlan Commands Function Mode Switchport dot1q-tunnel modePvlan Show pvlan This command displays the configured private VlanNo private VLANs are defined Protocol-vlan protocol-group Configuring Groups Configuring Protocol-based VLANs60 Protocol-based Vlan Commands Function Mode No protocol groups are configured Protocol-vlan protocol-group Configuring InterfacesNo protocol groups are mapped for any interface Show interfaces protocol-vlan protocol-group Show protocol-vlan protocol-groupSyntax Show protocol-vlan protocol-group group-id 62 Priority Commands Layer Function Mode Priority CommandsPriority Commands Layer 61 Priority Commands Command Groups Function Switchport priority default Queue modeSyntax Queue mode strict wrr no queue mode Weights 1, 2, 4, 8 are assigned to queues 0-3 respectively Queue bandwidth weight1...weight4 no queue bandwidthQueue bandwidth Queue cos-map 63 Default CoS Values to Egress QueuesQueue cos-mapqueueid cos1 ... cosn no queue cos-map Show queue bandwidth Show queue modeFollowing example shows how to change the CoS assignments This command shows the current queue mode Show queue cos-map Priority Commands Layer 3This command shows the class of service priority map 64 Priority Commands Layer 3 Function Mode Map ip dscp dscp-value cos cos-value no map ip dscp Syntax No map ip dscp Default Setting65 IP Dscp to CoS Vales IP Dscp Value CoS Value Show map ip dscp This command shows the IP Dscp priority mapSyntax Show map ip dscp interface Quality of Service Commands 198 Service-policy 66 Quality of Service Commands Function Mode199 Input of a particular interface Show class-map Show class map Class-mapMatch Syntax No class-map class-map-namematch-any Policy-map Class Map ConfigurationNo policy-mappolicy-map-name Class Policy Map ConfigurationNo class class-map-name Set Policy Map Class Configuration Syntax No police rate-kbpsburst-byteexceed-action drop set PoliceDrop out-of-profile packets Syntax Show class-map class-map-name Service-policySyntax No service-policy input policy-map-name Show class-map Displays all policy maps and all classes Show policy-mapShow policy-map interface Show policy-mappolicy-map-name class class-map-name 68 Igmp Snooping Commands Function Mode Multicast Filtering CommandsIgmp Snooping Commands 67 Multicast Filtering Commands Command Groups Function Ip igmp snooping vlan static Syntax No ip igmp snooping Default SettingFollowing example enables Igmp snooping Ip igmp snooping Ip igmp snooping leave-proxy Following configures the switch to use Igmp VersionSyntax No ip igmp snooping leave-proxy Default Setting Ip igmp snooping version Ip igmp snooping immediate-leave Syntax No ip igmp snooping immediate-leave Default SettingInterface Configuration Vlan This command shows the Igmp snooping configuration This command shows known multicast addresses Following shows the current Igmp snooping configurationShow mac-address-table multicast Ip igmp snooping querier Igmp Query Commands Layer69 Igmp Query Commands Layer Function Mode Syntax No ip igmp snooping querier Default Setting Ip igmp snooping query-max-response-time4-208 Following shows how to configure the query count toIp igmp snooping query-interval Times Ip igmp snooping query-max-response-time Seconds The report delay advertised in Igmp queries. RangeIp igmp snooping router-port-expire-time Syntax No ip igmp snooping vlan vlan-idmrouter interface Static Multicast Routing Commands70 Static Multicast Routing Commands Function Mode Ip igmp snooping vlan mrouter Multicast router port types displayed include Static Displays multicast router ports for all configured VLANsShow ip igmp snooping mrouter Syntax Show ip igmp snooping mrouter vlan vlan-id 213 Igmp Filtering and Throttling Commands71 Igmp Filtering and Throttling Commands Function Mode Syntax No ip igmp filter Default Setting Syntax No ip igmp profile profile-number Syntax Permit deny Default SettingIp igmp profile Permit, deny No range low-ip-address high-ip-address RangeSyntax No ip igmp filter profile-number Syntax Ip igmp max-groups number No ip igmp max-groups Ip igmp max-groups Syntax Show ip igmp filter interface interface Ip igmp max-groups actionShow ip igmp filter Syntax Ip igmp max-groups action replace deny Syntax Show ip igmp throttle interface interface Show ip igmp profileShow ip igmp throttle interface Syntax Show ip igmp profile profile-number 219 Multicast Vlan Registration Commands72 Multicast Vlan Registration Commands Function Mode Port Port number. Range Port-channelchannel-id Range No mvr group ip-address count vlan vlan-id Command Line Interface Mvr Global Configuration Multicast Filtering Commands Mvr Interface Configuration 220 Syntax Show mvr interface interface members ip-address Show mvr73 show mvr display description 75 show mvr members display description 74 show mvr interface display descriptionMembers 224 IP Interface Commands76 IP Interface Commands Function Mode Ip address Following example defines a default gateway for this device Ip default-gatewaySyntax Ip default-gateway gateway no ip default-gateway Gateway IP address of the default gateway Show ip interface This command submits a Bootp or Dhcp client requestThis command displays the settings of an IP interface Ip dhcp restart Ping Ip default-gateway4-224This command has no default for the host Show ip redirects 77 IP Source Guard Commands Function Mode IP Source Guard CommandsIp source-guard Syntax Ip source-guard sip sip-macno ip source-guard No ip source-guard binding mac-addressvlan vlan-id This example enables IP source guard on portNo configured entries Ip source-guard binding Ip source-guard4-227 ip dhcp snooping Ip dhcp snooping vlan This command shows the source guard binding tableShow ip source-guard Show ip source-guard binding Ip dhcp snooping Dhcp Snooping Commands78 Dhcp Snooping Commands Function Mode Syntax No ip dhcp snooping Default Setting 232 Ip dhcp snooping vlan 4-233 ip dhcp snooping trust This example enables Dhcp snooping globally for the switchThis example enables Dhcp snooping for Vlan Ip dhcp snooping vlan Ip dhcp snooping trust Syntax No ip dhcp snooping trust Default Setting Ip dhcp snooping verify mac-address This example enables MAC address verificationIp dhcp snooping information option Ip dhcp snooping information policy This example enables the Dhcp Snooping Information OptionReplace Show ip dhcp snooping binding Switch Cluster Commands79 Switch Cluster Commands Function Mode Show ip dhcp snooping Cluster Syntax No cluster Default SettingDisplays current cluster Candidates in the network 242 Syntax Cluster ip-pool ip-addressno cluster ip-pool Cluster commanderSyntax No cluster commander Default Setting Cluster ip-pool Cluster member RcommandSyntax Rcommand id member-id Member-id- The ID number of the Member switch. Range Show cluster members This command shows the switch clustering configurationThis command shows the current switch cluster members Show cluster Show cluster candidates Software Features Appendix a Software Specifications Igmp RFC 1112 IGMPv2 RFC 2236 RADIUS+ RFC Management FeaturesGroups 1, 2, 3, 9 Statistics, History, Alarm, Event Standards Management Information Bases a Management Information Bases Software Specifications Symptom Action Table B-1 Troubleshooting Chart Using System Logs Differentiated Services Code Point Service Dscp Access Control List ACLBoot Protocol Bootp Class of Service CoS Group Attribute Registration Protocol Garp Garp Vlan Registration Protocol GvrpGeneric Attribute Registration Protocol Garp Generic Multicast Registration Protocol Gmrp In-Band Management Igmp SnoopingIgmp Query Internet Group Management Protocol Igmp Network Time Protocol NTP Multicast SwitchingPort Authentication Remote Authentication Dial-in User Service Radius Spanning Tree Algorithm STA Secure Shell SSHSimple Network Management Protocol Snmp Simple Network Time Protocol Sntp XModem Virtual LAN Vlan Numerics Index Index Gateway, default 3-14,4-224 Index-3 Index-4 Page Technical Support

SMC Networks SMC8150L2 manual IP Source Guard Port Configuration

Models: SMC8150L2

Web – Click DHCP Snooping, DHCP Snooping Binding Information.

Figure 3-118 DHCP Snooping Binding Information

IP Source Guard

IP Source Guard Port Configuration