Cisco 3560x-24p 参考指南
2-286
Catalyst 3750-X and 3560-X Switch Command Reference
OL-21522-02
Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands
ip verify source
ip verify source
Use the ip verify source interface configuration command on the switch stack or on a standalone switch
to enable IP source guard on an interface. Use the no form of this command to disable IP source guard.
to enable IP source guard on an interface. Use the no form of this command to disable IP source guard.
ip verify source {vlan dhcp-snooping | tracking} [port-security]
no ip verify source {vlan dhcp-snooping | tracking} [port-security]
Syntax Description
Defaults
IP source guard is disabled.
Command Modes
Interface configuration
Command History
Usage Guidelines
To enable IP source guard with source IP address filtering, use the ip verify source interface
configuration command.
configuration command.
To enable IP source guard with source IP and MAC address filtering, use the ip verify source
port-security interface configuration command.
port-security interface configuration command.
To enable IP source guard with source IP and MAC address filtering, you must enable port security on
the interface.
the interface.
Examples
This example shows how to enable IP source guard on VLANs 10 through 20 on a per-port basis:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip dhcp snooping
Switch(config)# ip dhcp snooping vlan 10 20
Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk native vlan 10
Switch(config-if)# switchport trunk allowed vlan 11-20
Switch(config-if)# no ip dhcp snooping trust
Switch(config-if)# ip verify source vlan dhcp-snooping
Switch(config)# end
Switch# show ip verify source interface fastethernet0/1
vlan dhcp-snooping
Enable IP source guard on an untrusted Layer 2 DHCP snooping interfaces.
tracking
Enable IP port security to learn static IP address learning on a port.
port-security
(Optional) Enable IP source guard with IP and MAC address filtering.
If you do not enter the port-security keyword, IP source guard with IP
address filtering is enabled.
address filtering is enabled.
Release
Modification
12.2(53)SE2
This command was introduced.