Configuration Guide User guide
FastIron Configuration Guide 1945
53-1002494-02
IP source guard
The <slotnum> parameter is required on chassis devices.
The <portnum> parameter is a valid port number.
The [vlan <vlannum>] parameter is optional. If you enter a VLAN number, the binding applies to
that VLAN only. If you do not enter a VLAN number, the static binding applies to all VLANs
associated with the port. Note that since static IP source bindings consume system resources, you
should avoid unnecessary bindings.
Enabling IP source guard per-port-per-VLAN
To enable IP Source Guard per-port-per VLAN, enter commands such as the following.
Brocade(config)#vlan 12 name vlan12
Brocade(config-vlan-12)#untag ethernet 5 to 8
Brocade(config-vlan-12)#tag ethernet 23 to 24
Brocade(config-vlan-12)#exit
Brocade(config)#int e 23
Brocade(config-if-e1000-23)#per-vlan vlan12
Brocade(config-if-e1000-23-vlan-12))#source-guard enable
The commands in this example configure port-based VLAN 12, and add ports e 5 – 8 as untagged
ports and ports e 23 – 24 as tagged ports to the VLAN. The last two commands enable IP Source
Guard on port e 23, a member of VLAN 12.
Syntax: [no] source-guard enable
Enabling IP source guard on a VE
To enable IP Source Guard on a virtual interface, enter commands such as the following.
Brocade(config)#vlan 2
Brocade(config-vlan-2)#tag e1
Added tagged port(s) ethe 1 to port-vlan 2
Brocade(config-vlan-2)#router-int ve 2
Brocade(config-vlan-2)#int ve 2
Brocade(config-vif-2)#source-guard enable e 1
Syntax: [no] source-guard enable
Displaying learned IP addresses
To display the learned IP addresses for IP Source Guard ports, use the CLI commands show ip
source-guard ethernet.