Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Source guard without DHCP Snooping

Hi Experts,

I am practising SOURCE GAURD using command "ip verify source".

I am aware that "source guard" feature will be used with DHCP snooping to verify IP Address. Also, "ip verify source port-security" can be enabled to verify the MAC Address.

If i donot have DHCP scenario, and if i want to enable source guard, how to do ?. where I have to configure the static IP Address mapping?

can anyone help me

sairam

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Source guard without DHCP Snooping

Hello Sairam,

It is possible to run IP Source Guard without DHCP, however, setting up the mappings between the MACs and IPs can be tedious.

Check this document:

http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swdhcp82.html

Specifically, you are looking for the command "ip source binding". It is described in the above document - check it up.

Best regards,

Peter

3 REPLIES
Cisco Employee

Re: Source guard without DHCP Snooping

Hello Sairam,

It is possible to run IP Source Guard without DHCP, however, setting up the mappings between the MACs and IPs can be tedious.

Check this document:

http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swdhcp82.html

Specifically, you are looking for the command "ip source binding". It is described in the above document - check it up.

Best regards,

Peter

New Member

Re: Source guard without DHCP Snooping

Hi Sairam

if you do dot have a DHCP scenario, you have also to activate DHCP snooping for IP Source Guard to work. You have also to configure the port for "ip dhcp snooping untrusted".

If you use IP Source Guard with L2-Address verification, you have to to use dhcp snooping with option 82.

(the last one i have never seen working :-)

lg Herbert

New Member

Re: Source guard without DHCP Snooping

the static mappings are configured like this

ip source binding 0014.3813.E877 vlan 1 10.1.20.200 interface Fa0/7

169
Views
0
Helpful
3
Replies
CreatePlease to create content