2-155
Catalyst4500 Series SwitchCiscoIOS Command Reference—Release 12.2(18)EW
78-16201-01
Chapter2Cisco IOS Commands for the Catalyst 4500 Series Switches
ip verify source vlan dhcp-snooping
ip verify source vlan dhcp-snooping
To enable IP source guard on DHCP snooping untrusted Layer 2 interfaces, use the ip verify source vlan
dhcp-snooping command. Use the no form of this command to disable IP source guard on DHCP
snooping untrusted Layer 2 interfaces.
ip verify source vlan dhcp-snooping [port-security]
no ip verify source vlan dhcp-snooping [port-security]
Syntax Description
Defaults IP source guard is disabled.
Command Modes Global configuration
Command History
Usage Guidelines Interface configuration
Examples This example shows how to enable DHCP snooping security on VLANs 10 through 20:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip dhcp snooping
Switch(config)# ip dhcp snooping vlan 10 20
Switch(config)# configure interface fastethernet6/1
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport access vlan 10
Switch(config-if)# no ip dhcp snooping trust
Switch(config-if)# ip verify source vlan dhcp-snooping
Switch(config)# end
Switch# show ip dhcp snooping security interface fastethernet6/1
Interface Filter-type Filter-mode IP-address Mac-address Vlan
--------- ----------- ----------- --------------- -------------- ---------
fa6/1 ip active 10.0.0.2 10
fa6/1 ip active deny-all 11-20
Switch#
The output shows that there is one valid DHCP binding to VLAN 10.
port-security (Optional) Filters both source IP and MAC addresses using the port
securityfeature.
Release Modification
12.1(19)EW Support for this command was introduced on the Catalyst 4500 series switch.
To Next Page
Loading...
Need help?
General
