Tuesday, 29 July 2014

Cisco 300 Switch: IP Source Guard


To set-up IP source guard, configure DHCP snooping on your switch. You can specify the VLAN as well;





You can verify its working with the following command;




You may need to bring an interface down then up sometimes, if the interface is being denied.

Just make sure that your uplink interfaces (in my case my Gi interfaces) are trusted and depending on your setup that end host interfaces are untrusted


Sources;
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SY/configuration/guide/sy_swcg/ip_source_guard.html

No comments:

Post a Comment