Source guard without DHCP Snooping

Answered Question
Jul 31st, 2009
User Badges:

Hi Experts,

I am practising SOURCE GAURD using command "ip verify source".

I am aware that "source guard" feature will be used with DHCP snooping to verify IP Address. Also, "ip verify source port-security" can be enabled to verify the MAC Address.

If i donot have DHCP scenario, and if i want to enable source guard, how to do ?. where I have to configure the static IP Address mapping?


can anyone help me


sairam

Correct Answer by Peter Paluch about 7 years 11 months ago

Hello Sairam,


It is possible to run IP Source Guard without DHCP, however, setting up the mappings between the MACs and IPs can be tedious.


Check this document:


http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swdhcp82.html


Specifically, you are looking for the command "ip source binding". It is described in the above document - check it up.


Best regards,

Peter


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Peter Paluch Fri, 07/31/2009 - 00:30
User Badges:
  • Cisco Employee,

Hello Sairam,


It is possible to run IP Source Guard without DHCP, however, setting up the mappings between the MACs and IPs can be tedious.


Check this document:


http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swdhcp82.html


Specifically, you are looking for the command "ip source binding". It is described in the above document - check it up.


Best regards,

Peter


fabasoft-534 Tue, 08/04/2009 - 00:24
User Badges:

Hi Sairam


if you do dot have a DHCP scenario, you have also to activate DHCP snooping for IP Source Guard to work. You have also to configure the port for "ip dhcp snooping untrusted".

If you use IP Source Guard with L2-Address verification, you have to to use dhcp snooping with option 82.

(the last one i have never seen working :-)


lg Herbert

fabasoft-534 Tue, 08/04/2009 - 00:26
User Badges:

the static mappings are configured like this

ip source binding 0014.3813.E877 vlan 1 10.1.20.200 interface Fa0/7

Actions

This Discussion