Configuring IP Source Guard
Configuring IP Source Guard for Static Hosts on a Private VLAN Host Port
Note
You must globally configure the ip device tracking maximum limit-number interface configuration
command for IPSG for static hosts to work. If you only configure this command on a port
without enabling IP device tracking globally or setting an IP device tracking maximum on that interface,
IPSG with static hosts will reject all the IP traffic from that interface. This requirement also applies to
IPSG with static hosts on a Layer 2 access port.
Beginning in privileged EXEC mode, follow these steps to configure IPSG for static hosts with IP filters
on a Layer 2 access port:
Step 1
  Command: configure terminal
  Purpose: Enter global configuration mode.
Step 2
  Command: vlan vlan-id1
  Purpose: Enter VLAN configuration mode.
Step 3
  Command: private-vlan primary
  Purpose: Establish a primary VLAN on a private VLAN port.
Step 4
  Command: exit
  Purpose: Exit VLAN configuration mode.
Step 5
  Command: vlan vlan-id2
  Purpose: Enter configuration VLAN mode for another VLAN.
Step 6
  Command: private-vlan isolated
  Purpose: Establish an isolated VLAN on a private VLAN port.
Step 7
  Command: exit
  Purpose: Exit VLAN configuration mode.
Step 8
  Command: vlan vlan-id1
  Purpose: Enter configuration VLAN mode.
Step 9
  Command: private-vlan association 201
  Purpose: Associate the VLAN on an isolated private VLAN port.
Step 10
  Command: exit
  Purpose: Exit VLAN configuration mode.
Step 11
  Command: interface fastEthernet interface-id
  Purpose: Enter interface configuration mode.
Step 12
  Command: switchport mode private-vlan host
  Purpose: (Optional) Establish a port as a private VLAN host.
Step 13
  Command: switchport private-vlan host-association vlan-id1 vlan-id2
  Purpose: (Optional) Associate this port with the corresponding private VLAN.
Step 14
  Command: ip device tracking maximum number
  Purpose: Establish a maximum for the number of static IPs that the IP device tracking table
  allows on the port. The maximum is 10.
  Note: You must globally configure the ip device tracking maximum number interface command
  for IPSG for static hosts to work.
Step 15
  Command: ip verify source tracking [port-security]
  Purpose: Activate IPSG for static hosts with MAC address filtering on this port.
Step 16
  Command: end
  Purpose: Exit configuration interface mode.
Step 17
  Command: show ip device tracking all
  Purpose: Verify the configuration.
Step 18
  Command: show ip verify source interface interface-id
  Purpose: Verify the IP source guard configuration. Display IPSG permit ACLs for static hosts.
Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide (OL-12247-04)
Chapter 22: Configuring DHCP Features and IP Source Guard
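The note above describes a failure mode that is easy to miss in review: a port with ip verify source tracking but no device tracking limit rejects all IP traffic. The following is an added example, not part of the Cisco guide, that audits a saved or candidate configuration for that condition and for limits above the documented maximum of 10. The sample configuration, interface names, VLAN numbers, function name and finding labels are constructed for illustration, and the script assumes global tracking appears as an unindented "ip device tracking" line.

```python
import re

# Constructed sample configuration (not from the guide). Interface names and
# VLAN numbers are illustrative. Global "ip device tracking" is deliberately absent.
SAMPLE_CONFIG = """\
vlan 200
 private-vlan primary
 private-vlan association 201
vlan 201
 private-vlan isolated
!
interface FastEthernet1/0/1
 switchport private-vlan host-association 200 201
 switchport mode private-vlan host
 ip device tracking maximum 10
 ip verify source tracking port-security
!
interface FastEthernet1/0/2
 switchport mode private-vlan host
 ip verify source tracking
!
interface FastEthernet1/0/3
 ip device tracking maximum 25
 ip verify source tracking
"""

def audit_ipsg_static_hosts(config_text):
    """Return sorted (interface, finding) pairs for IPSG static-host ports."""
    # Assumption: global tracking shows up as an unindented "ip device tracking" line.
    global_tracking = re.search(r"(?m)^ip device tracking\s*$", config_text) is not None
    findings = []
    # Each stanza is the "interface" header line plus its indented body lines.
    for name, body in re.findall(r"(?m)^interface (\S+)\n((?:[ \t]+.*\n?)*)", config_text):
        if not re.search(r"(?m)^\s+ip verify source tracking\b", body):
            continue  # IPSG for static hosts is not active on this port
        limit = re.search(r"(?m)^\s+ip device tracking maximum (\d+)\s*$", body)
        if limit is None and not global_tracking:
            # Per the note: this port would reject all IP traffic.
            findings.append((name, "no-tracking-limit"))
        elif limit is not None and int(limit.group(1)) > 10:
            # The guide states the per-port maximum is 10.
            findings.append((name, "limit-over-10"))
    return sorted(findings)

if __name__ == "__main__":
    for port, finding in audit_ipsg_static_hosts(SAMPLE_CONFIG):
        print(f"{port}: {finding}")
```

On the switch itself, steps 17 and 18 (show ip device tracking all and show ip verify source interface interface-id) remain the authoritative check after the configuration is applied.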