11.16. IP Source Guard Commands

Command Purpose

Use the ip source binding Global Config command on the switch to configure static IP source bindings on the switch. Use the no form of this command to delete static bindings.

Prerequisites

Command Syntax

ip source binding mac MAC_ADDR vlan VLAN_ID ip IP_ADDR interface IFNAME

no ip source binding mac MAC_ADDR vlan VLAN_ID ip IP_ADDR interface IFNAME

Command Mode

Global Config

Default

None

Usage

A static IP source binding entry has an IP address, its associated MAC address, and its associated VLAN number.

The same MAC and IP can only be bound in one binding entry. Duplication of MAC or IP in binding entries is not allowed.

No IP source bindings are configured by default.

Examples

The following is sample output from the ip source binding command:

Switch# configure terminal
Switch(config)# ip source binding mac 0001.1234.1234 vlan 1 ip 172.20.50.5 interface eth-0-1

Related Commands

show ip source binding

no ip source binding

Command Purpose

Use the ip source binding Global Config command on the switch to configure static IP source bindings on the switch. Use the no form of this command to delete static bindings.

Prerequisites

Command Syntax

ip source binding mac MAC_ADDR vlan VLAN_ID ipv6 IPV6_ADDR interface IFNAME

no ip source binding mac MAC_ADDR vlan VLAN_ID ipv6 IPV6_ADDR interface IFNAME

Command Mode

Global Config

Default

None

Usage

A static IP source binding entry has an IP address, its associated MAC address, and its associated VLAN number.

The same MAC and IP can only be bound in one binding entry. Duplication of MAC or IP in binding entries is not allowed.

No IP source bindings are configured by default.

Examples

The following is sample output from the ip source binding command:

Switch# configure terminal
Switch(config)# ip source binding mac 0001.1234.1234 vlan 1 ipv6 1::12:11 interface eth-0-1

Related Commands

show ip source binding

no ip source binding

Command Purpose

Use this command to delete one or more ip source binding entries.

Prerequisites

Command Syntax

no ip source binding entries

no ip source binding entries vlan VLAN_ID

no ip source binding entries interface IFNAME

Command Mode

Global Config

Default

None

Usage

If neither vlan-id nor interface-id is specified, all static ip source binding entries will be deleted.

Examples

clear the entries of eth-0-1:

Switch# configure terminal
Switch(config)# no ip source binding entries interface eth-0-1

clear the entries of vlan2:

Switch# configure terminal
Switch(config)# no ip source binding entries vlan 2

Related Commands

ip source binding

show ip source binding

Command Purpose

To specify the maximum number of bindings for each interface, use the ip source maximal binding command in Global Config mode. To restore to the default value, use the no form of this command.

Prerequisites

Command Syntax

ip source maximal binding number per-port NUMBER

no ip source maximal binding number per-port

Command Mode

Global Config

Default

10

Usage

Using for configuring maximal binding number, and default value is 10. The number 0 indicates no limiation

Examples

The following example shows how to restore the default maximum number of bindings:

Switch# configure terminal
Switch(config)# no ip source binding entries

The following example shows how to specify the maximum number of bindings:

Switch# configure terminal
Switch(config)# ip source maximal binding number per-port 20

Related Commands

show ip source binding

Command Purpose

Use the ip verify source interface configuration command on the switch stack or on a standalone switch to enable IP source guard on an interface. Use the no form of this command to disable IP source guard.

Prerequisites

Command Syntax

ip verify source ( ip | ip-mac | ip-vlan | ip-mac-vlan )

no ip verify source

Command Mode

Interface Configuration

Default

None

Usage

When IP source guard is enabled on an access port, the ip-mac-vlan keyword is equivalent to the ip-mac keyword.

By default, IP source guard is disabled on interfaces.

Examples

The following example shows how to enable IP source guard on an interface:

Switch# configure terminal
Switch(config)# interface eth-0-1
Switch(config-if)# ip verify source ip-mac

Related Commands

ip source binding

show ip source binding

Command Purpose

Use the show ip source binding privileged EXEC command to display the IP source bindings on the switch.

Prerequisites

Command Syntax

show ip source binding ( interface IFNAME | )

Command Mode

Privileged EXEC

Default

None

Usage

If interface is not specified, all ip-source-binding entries should be shown.

Examples

The following is sample output from the show ip source binding command:

Switch# show ip source binding

The total number of ip binding is 1, the max ip number limit is 127
The total number of ipv6 binding is 0, the max ipv6 number limit is 128
IP source guard binding table:
VLAN MAC Address    Type   Interface     State    IP Address
=============================================================================
3    0001.0002.0003 static   eth-0-1    ip         10.0.0.2

Related Commands

ip source binding

no ip source binding