Cisco 3560/3400 and 7606 (sup32) dhcp snooping + ip source guard

Unanswered Question
Jun 18th, 2008

The idea is to secure every one port , for every one user to have ip+mac loced on a single port in the entire network. Users witch take ip address from dhcp server configured ot the vlan`int on the 7606 (sup32) with ip helper address witch is talking with linux dhcp server. in 3560 and 3400 i see the dhcp snooping bindings but when i on ip verify source the traffic for the clients is stoped. no errors and is config for some port.

interface FastEthernet0/5

description .

switchport access vlan 440

switchport mode access

switchport port-security

switchport port-security violation restrict

load-interval 30

ip verify source

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
hadbou Tue, 06/24/2008 - 11:02

You can use the port security feature to restrict input to an interface by limiting and identifying MAC addresses of the stations allowed to access the port. When you assign secure MAC addresses to a secure port, the port does not forward packets with source addresses outside the group of defined addresses.

Refer the following url for more information on configuring port security in 3560 device:


This Discussion