Category:Cisco Systems -> Security
IP source guard (IPSG) is a protective function against IP address spoofing attacks. Used to ba a function in Cisco Catalyst Layer 3 switches starting with 3560 series switches and above. Now it is supported in Cisco Catalyst 2960 and 2960-S series switches. IPSG is used in combination with IP DHCP snooping.
Configuration example:
ip dhcp snooping
ip dhcp snooping vlan 100
interface gigabitethernet0/26
ip dhcp snooping trust
exit
interface range fastethernet0/1 - 14
switchport
ip verify source vlan dhcp-snooping port-security
exit
To allocate a static IP address with IPSG turned on use the commands:
interface fastethernet0/15
switchport
exit
ip source binding 0000.1100.0022.aa00 vlan 100 interface gi0/15