Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Cisco 3560/3400 and 7606 (sup32) dhcp snooping + ip source guard

The idea is to secure every one port , for every one user to have ip+mac loced on a single port in the entire network. Users witch take ip address from dhcp server configured ot the vlan`int on the 7606 (sup32) with ip helper address witch is talking with linux dhcp server. in 3560 and 3400 i see the dhcp snooping bindings but when i on ip verify source the traffic for the clients is stoped. no errors and etc.here is config for some port.

interface FastEthernet0/5

description .

switchport access vlan 440

switchport mode access

switchport port-security

switchport port-security violation restrict

load-interval 30

ip verify source

1 REPLY
Bronze

Re: Cisco 3560/3400 and 7606 (sup32) dhcp snooping + ip source g

You can use the port security feature to restrict input to an interface by limiting and identifying MAC addresses of the stations allowed to access the port. When you assign secure MAC addresses to a secure port, the port does not forward packets with source addresses outside the group of defined addresses.

Refer the following url for more information on configuring port security in 3560 device:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swtrafc.html#wp1038501

416
Views
0
Helpful
1
Replies
CreatePlease to create content