Sunday, June 17, 2012

IP Source Guard

  • It add one more check to the DHCP snooping logic.
  • When enabled along with DHCP snooping, IP Source Guard checks the source IP address of received packets against the DHCP snooping binding database.
  • It checks both the source ip & source MAC address against that same database.
  • If the entries do not match, the frame is filtered.
  • ip verify source
    • to check source ip address only
  • ip verify source port-security
    • check both the source ip & MAC address
  • ip source binding mac-address vlan vlan-id ip-address interface interface-id
    • Global command to create static entries that will be used in addition to the DHCP snooping binding database.

at