
Cisco 3560/3400 and 7606 (sup32) dhcp snooping + ip source guard

linuxloader
Level 1

The idea is to secure every port, so that every user has IP+MAC locked on a single port in the entire network. Users take their IP address from a DHCP server: the VLAN interface on the 7606 (sup32) is configured with an ip helper-address, which talks to a Linux DHCP server. On the 3560 and 3400 I see the DHCP snooping bindings, but when I turn on ip verify source, the traffic for the clients is stopped. No errors, etc. Here is the config for one of the ports.

interface FastEthernet0/5
 description .
 switchport access vlan 440
 switchport mode access
 switchport port-security
 switchport port-security violation restrict
 load-interval 30
 ip verify source

1 Reply

hadbou
Level 5

You can use the port security feature to restrict input to an interface by limiting and identifying MAC addresses of the stations allowed to access the port. When you assign secure MAC addresses to a secure port, the port does not forward packets with source addresses outside the group of defined addresses.

Refer to the following URL for more information on configuring port security on the 3560 device:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swtrafc.html#wp1038501
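The pieces that have to line up on a Catalyst 3560 for the per-port IP+MAC lock described in the question, as an added example that is not part of the original thread and not either poster's configuration. VLAN 440 and FastEthernet0/5 come from the post; GigabitEthernet0/1 as the uplink toward the 7606 is an assumed name.

```cisco
! Added example. Gi0/1 as the uplink is an assumption; adjust to the real port.

! 1. Global: enable DHCP snooping and scope it to the user VLAN.
ip dhcp snooping
ip dhcp snooping vlan 440

! 2. Uplink toward the relay (7606) and DHCP server: trusted, so that
!    server replies arriving on this port are accepted by snooping.
interface GigabitEthernet0/1
 ip dhcp snooping trust

! 3. User port: untrusted by default, one secure MAC, source filter on.
interface FastEthernet0/5
 switchport access vlan 440
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation restrict
 ! "ip verify source" alone filters on source IP only.
 ! "ip verify source port-security" filters on source IP and source MAC.
 ! For the IP+MAC mode, Cisco's 3560 configuration guide notes that the
 ! DHCP server must support option 82, or the client is not assigned
 ! an address.
 ip verify source port-security

! 4. Verification (privileged EXEC): the filter on the port is built from
!    the binding table, so these outputs should show the same
!    IP / MAC / VLAN / interface for the client.
!    show ip dhcp snooping binding
!    show ip verify source interface FastEthernet0/5
!    show port-security interface FastEthernet0/5
```

With IP source guard enabled, a port that has no matching binding for the client's address on that interface and VLAN drops all IP traffic from it except DHCP, so comparing the binding table with `show ip verify source` for the affected port is the first check.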
