Cisco Systems 3560X Manual De Usuario
24-24
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-21521-01
Chapter 24 Configuring DHCP Features and IP Source Guard
Configuring IP Source Guard
Configuring IP Source Guard for Static Hosts on a Private VLAN Host Port
Note
You must globally configure the ip device tracking maximum limit-number interface configuration
command globally for IPSG for static hosts to work. If you only configure this command on a port
without enabling IP device tracking globally or setting an IP device tracking maximum on that interface,
IPSG with static hosts will reject all the IP traffic from that interface. This requirement also applies to
IPSG with static hosts on a Layer 2 access port.
command globally for IPSG for static hosts to work. If you only configure this command on a port
without enabling IP device tracking globally or setting an IP device tracking maximum on that interface,
IPSG with static hosts will reject all the IP traffic from that interface. This requirement also applies to
IPSG with static hosts on a Layer 2 access port.
Beginning in privileged EXEC mode, follow these steps to configure IPSG for static hosts with IP filters
on a Layer 2 access port:
on a Layer 2 access port:
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
vlan vlan-id1
Enter VLAN configuration mode.
Step 3
private-vlan primary
Establish a primary VLAN on a private VLAN port.
Step 4
exit
Exit VLAN configuration mode.
Step 5
vlan vlan-id2
Enter configuration VLAN mode for another VLAN.
Step 6
private-vlan isolated
Establish an isolated VLAN on a private VLAN port.
Step 7
exit
Exit VLAN configuration mode.
Step 8
vlan vlan-id1
Enter configuration VLAN mode.
Step 9
private-vlan association 201
Associate the VLAN on an isolated private VLAN port.
Step 10
exit
Exit VLAN configuration mode.
Step 11
interface fastEthernet interface-id
Enter interface configuration mode.
Step 12
switchport mode private-vlan host
(Optional) Establish a port as a private VLAN host.
Step 13
switchport private-vlan host-association vlan-id1
vlan-id2
vlan-id2
(Optional) Associate this port with the corresponding
private VLAN.
private VLAN.
Step 14
ip device tracking maximum number
Establish a maximum for the number of static IPs that
the IP device tracking table allows on the port.
the IP device tracking table allows on the port.
The maximum is 10.
Note
You must globally configure the ip device
tracking
tracking
maximum number interface command
for IPSG for static hosts to work.
Step 15
ip verify source tracking [port-security]
Activate IPSG for static hosts with MAC address
filtering on this port.
filtering on this port.
Step 16
end
Exit configuration interface mode.
Step 17
show ip device tracking all
Verify the configuration.
Step 18
show ip verify source interface
interface-id
Verify the IP source guard configuration. Display IPSG
permit ACLs for static hosts.
permit ACLs for static hosts.