Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IP Source Guard on Trunk Port

Hello to all,

I've a strange behaviour with IP SG on 802.1Q trunk ports and I would like to know if this is normal or not since on CCO I'vent found an answer and how to solve it leaving the feature active.

On the distribution L3 switches I've configured Port-security, DHCP Snooping, IP SourceGuard and DynARP Inspection on the L2 ports which are setup as Access Ports and all is working fine.

Now I've to configure on these L2 ports a new VLAN so as first step I've configured 802.1Q and then added the VLANs. The problem is that on this VLAN I don't have to implement security feature and moreover this has deiveces only with IP static Addresses…after spending some time I find out that the problem was the IP SG configured on the port since DHCP Snooping, DynARP Inspection is not configured on the switch but the IP SG is active on the port…are there any chance to deactiveted IP SG only for this VLAN???

Thx a lot the precious helps




Re: IP Source Guard on Trunk Port

I don't think you can do it per vlan (although others may know of other ways). You may be able to do it by ports that are attached to the vlan though. I've never tried it, but you could try:

int range g1/1 - g1/5

no ip verify source

The g1/1 - g1/5 are the ports that are appropriate for the vlan that you're wanting to disable. The only problem that I see with this is that it will disable these ports for any other vlan that they may be a member of. If they're only access ports, then it should work.



HTH, John *** Please rate all useful posts ***