CLI Reference Guide-R07
Table Of Contents
- How to Use This Guide
- Contents
- Tables
- Getting Started
- Initial Switch Configuration
- Connecting to the Switch
- Configuring the Switch for Remote Management
- Configuring the Switch for Cloud Management
- Enabling SNMP Management Access
- Managing System Files
- Automatic Installation of Operation Code and Configuration Settings
- Downloading a Configuration File and Other Parameters from a DHCP Server
- Setting the System Clock
- Initial Switch Configuration
- Command Line Interface
- Using the Command Line Interface
- General Commands
- System Management Commands
- SNMP Commands
- Remote Monitoring Commands
- Flow Sampling Commands
- Authentication Commands
- General Security Measures
- Port Security
- Network Access (MAC Address Authentication)
- network-access aging
- network-access mac-filter
- mac-authentication reauth-time
- network-access dynamic-qos
- network-access dynamic-vlan
- network-access guest-vlan
- network-access max- mac-count
- network-access mode mac-authentication
- network-access port- mac-filter
- mac-authentication intrusion-action
- mac-authentication max-mac-count
- clear network-access
- show network-access
- show network-access mac-address-table
- show network-access mac-filter
- Web Authentication
- DHCPv4 Snooping
- ip dhcp snooping
- ip dhcp snooping information option
- ip dhcp snooping information option encode no-subtype
- ip dhcp snooping information option remote-id
- ip dhcp snooping information option tr101 board-id
- ip dhcp snooping information policy
- ip dhcp snooping verify mac-address
- ip dhcp snooping vlan
- ip dhcp snooping information option circuit-id
- ip dhcp snooping max-number
- ip dhcp snooping trust
- clear ip dhcp snooping binding
- clear ip dhcp snooping database flash
- ip dhcp snooping database flash
- show ip dhcp snooping
- show ip dhcp snooping binding
- IPv4 Source Guard
- ARP Inspection
- ip arp inspection
- ip arp inspection filter
- ip arp inspection log-buffer logs
- ip arp inspection validate
- ip arp inspection vlan
- ip arp inspection limit
- ip arp inspection trust
- show ip arp inspection configuration
- show ip arp inspection interface
- show ip arp inspection log
- show ip arp inspection statistics
- show ip arp inspection vlan
- Denial of Service Protection
- Port-based Traffic Segmentation
- Access Control Lists
- Interface Commands
- Link Aggregation Commands
- Power over Ethernet Commands
- Port Mirroring Commands
- Congestion Control Commands
- Loopback Detection Commands
- Address Table Commands
- Smart Pair Commands
- Spanning Tree Commands
- spanning-tree
- spanning-tree cisco-prestandard
- spanning-tree forward-time
- spanning-tree hello-time
- spanning-tree max-age
- spanning-tree mode
- spanning-tree mst configuration
- spanning-tree pathcost method
- spanning-tree priority
- spanning-tree system-bpdu-flooding
- spanning-tree transmission-limit
- max-hops
- mst priority
- mst vlan
- name
- revision
- spanning-tree bpdu-filter
- spanning-tree bpdu-guard
- spanning-tree cost
- spanning-tree edge-port
- spanning-tree link-type
- spanning-tree loopback-detection
- spanning-tree loopback-detection action
- spanning-tree loopback-detection release-mode
- spanning-tree loopback-detection trap
- spanning-tree mst cost
- spanning-tree mst port-priority
- spanning-tree port-bpdu-flooding
- spanning-tree port-priority
- spanning-tree root-guard
- spanning-tree spanning-disabled
- spanning-tree tc-prop-stop
- spanning-tree loopback-detection release
- spanning-tree protocol-migration
- show spanning-tree
- show spanning-tree mst configuration
- VLAN Commands
- Class of Service Commands
- Quality of Service Commands
- Multicast Filtering Commands
- IGMP Snooping
- ip igmp snooping
- ip igmp snooping mrouter-forward- mode dynamic
- ip igmp snooping proxy-reporting
- ip igmp snooping querier
- ip igmp snooping router-alert-option- check
- ip igmp snooping router-port- expire-time
- ip igmp snooping tcn-flood
- ip igmp snooping tcn-query-solicit
- ip igmp snooping unregistered-data- flood
- ip igmp snooping unsolicited-report- interval
- ip igmp snooping version
- ip igmp snooping version-exclusive
- ip igmp snooping vlan general-query- suppression
- ip igmp snooping vlan immediate-leave
- ip igmp snooping vlan last-memb-query- count
- ip igmp snooping vlan last-memb-query- intvl
- ip igmp snooping vlan mrd
- ip igmp snooping vlan proxy-address
- ip igmp snooping vlan query-interval
- ip igmp snooping vlan query-resp-intvl
- ip igmp snooping vlan static
- clear ip igmp snooping groups dynamic
- clear ip igmp snooping statistics
- show ip igmp snooping
- show ip igmp snooping group
- show ip igmp snooping mrouter
- show ip igmp snooping statistics
- Static Multicast Routing
- IGMP Filtering and Throttling
- MLD Snooping
- ipv6 mld snooping
- ipv6 mld snooping proxy-reporting
- ipv6 mld snooping querier
- ipv6 mld snooping query-interval
- ipv6 mld snooping query-max-response- time
- ipv6 mld snooping robustness
- ipv6 mld snooping router-port- expire-time
- ipv6 mld snooping unknown-multicast mode
- ipv6 mld snooping unsolicited-report- interval
- ipv6 mld snooping version
- ipv6 mld snooping vlan immediate-leave
- ipv6 mld snooping vlan mrouter
- ipv6 mld snooping vlan static
- clear ipv6 mld snooping groups dynamic
- clear ipv6 mld snooping statistics
- show ipv6 mld snooping
- show ipv6 mld snooping group
- show ipv6 mld snooping mrouter
- show ipv6 mld snooping statistics
- MLD Filtering and Throttling
- IGMP Snooping
- LLDP Commands
- lldp
- lldp holdtime-multiplier
- lldp med-fast-start- count
- lldp notification-interval
- lldp refresh-interval
- lldp reinit-delay
- lldp tx-delay
- lldp admin-status
- lldp basic-tlv management-ip- address
- lldp basic-tlv port-description
- lldp basic-tlv system-capabilities
- lldp basic-tlv system-description
- lldp basic-tlv system-name
- lldp dot1-tlv proto-ident
- lldp dot1-tlv proto-vid
- lldp dot1-tlv pvid
- lldp dot1-tlv vlan-name
- lldp dot3-tlv link-agg
- lldp dot3-tlv mac-phy
- lldp dot3-tlv max-frame
- lldp dot3-tlv poe
- lldp med-location civic-addr
- lldp med-notification
- lldp med-tlv ext-poe
- lldp med-tlv inventory
- lldp med-tlv location
- lldp med-tlv med-cap
- lldp med-tlv network-policy
- lldp notification
- show lldp config
- show lldp info local-device
- show lldp info remote-device
- show lldp info statistics
- Domain Name Service Commands
- DHCP Commands (IPv4 and IPv6)
- IP Interface Commands
- IP Routing Commands
- Global Routing Configuration
- Routing Information Protocol (RIP)
- router rip
- default-information originate
- default-metric
- distance
- maximum-prefix
- neighbor
- network
- passive-interface
- redistribute
- timers basic
- version
- ip rip authentication mode
- ip rip authentication string
- ip rip receive version
- ip rip receive-packet
- ip rip send version
- ip rip send-packet
- ip rip split-horizon
- clear ip rip route
- clear ip rip statistics
- show ip protocols rip
- show ip rip
- Appendices
- Glossary
- Commands
Chapter 9
| General Security Measures
IPv4 Source Guard
– 307 –
◆ Static bindings are processed as follows:
■
A valid static IP source guard entry will be added to the binding table in
ACL mode if one of the following conditions is true:
■
If there is no binding entry with the same VLAN ID and MAC address, a
new entry will be added to the binding table using the type of static IP
source guard binding.
■
If there is an entry with the same VLAN ID and MAC address, and the
type of entry is static IP source guard binding, then the new entry will
replace the old one.
■
If there is an entry with the same VLAN ID and MAC address, and the
type of the entry is dynamic DHCP snooping binding, then the new
entry will replace the old one and the entry type will be changed to
static IP source guard binding.
■
A valid static IP source guard entry will be added to the binding table in
MAC mode if one of the following conditions are true:
■
If there is no binding entry with the same IP address and MAC address,
a new entry will be added to the binding table using the type of static
IP source guard binding entry.
■
If there is a binding entry with same IP address and MAC address, then
the new entry shall replace the old one.
◆ Only unicast addresses are accepted for static bindings.
Example
This example configures a static source-guard binding on port 5. Since the binding
mode is not specified, the entry is bound to the ACL table by default.
Console(config)#ip source-guard binding 11-22-33-44-55-66 vlan 1 192.168.0.99
interface ethernet 1/5
Console(config-if)#
Related Commands
ip source-guard (308)
ip dhcp snooping (291)
ip dhcp snooping vlan (299)