hit counter script

Default Settings For Ip Source Guard; Configuring Ip Source Guard; Enabling Or Disabling Ip Source Guard On A Layer 2 Interface - Cisco Nexus 9000 Series Configuration Manual

Nx-os security configuration guide, release 9.x
Hide thumbs Also See for Nexus 9000 Series:
Table of Contents

Advertisement

Configuring IP Source Guard

• IP Source Guard is dependent upon DHCP snooping to build and maintain the IP-MAC address binding
• IP Source Guard is not supported on fabric extender (FEX) ports or generic expansion module (GEM)
• The following guidelines and limitations apply to the Cisco Nexus 9200 Series switches:

Default Settings for IP Source Guard

This table lists the default settings for IP Source Guard parameters.
Table 34: Default IP Source Guard Parameters
Parameters
IP Source Guard
IP source entries
Configuring IP Source Guard

Enabling or Disabling IP Source Guard on a Layer 2 Interface

You can enable or disable IP Source Guard on a Layer 2 interface. By default, IP Source Guard is disabled
on all interfaces.
Before you begin
Make sure that the DHCP feature and DHCP snooping are enabled.
Make sure that the ACL TCAM region size for IPSG (ipsg) is configured.
SUMMARY STEPS
1. configure terminal
2. interface ethernet slot/port
3. [no] ip verify source dhcp-snooping-vlan
4. (Optional) show running-config dhcp
5. (Optional) copy running-config startup-config
table or upon manual maintenance of static IP source entries.
ports.
• IPv6 adjacency is not formed with IPSG enabled on the incoming interface.
• IPSG drops ARP packets at HSRP standby.
• With DHCP snooping and IPSG enabled, if a binding entry exists for the host, traffic is forwarded
to the host even without ARP.
Default
Disabled on each interface
None. No static or default IP source entries exist by default.
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
Default Settings for IP Source Guard
407

Hide quick links:

Advertisement

Table of Contents
loading

Table of Contents

Save PDF