Cisco Nexus 5000 Series Manuale di configurazione - Pagina 2

Sfoglia online o scarica il pdf Manuale di configurazione per Router di rete Cisco Nexus 5000 Series. Cisco Nexus 5000 Series 6. Configuring ip source guard
Anche per Cisco Nexus 5000 Series: Nota di rilascio (26 pagine), Manuale di riferimento rapido (14 pagine), Nota di rilascio (26 pagine), Manuale di riferimento (12 pagine), Manuale di risoluzione dei problemi (8 pagine), Manuale (11 pagine), Manuale (6 pagine), Manuale (7 pagine), Manuale operativo (45 pagine)

Stampa la pagina
Cisco Nexus 5000 Series Manuale di configurazione

Licensing Requirements for IP Source Guard

• IP traffic from static IP source entries that you have configured in the Cisco NX-OS device.
The device permits the IP traffic when DHCP snooping adds a binding table entry for the IP address and MAC
address of an IP packet or when you have configured a static IP source entry.
The device drops IP packets when the IP address and MAC address of the packet do not have a binding table
entry or a static IP source entry. For example, assume that :
MacAddress
----------
00:02:B3:3F:3B:99
If the device receives an IP packet with an IP address of 10.5.5.2, IP Source Guard forwards the packet only
if the MAC address of the packet is 00:02:B3:3F:3B:99.
Licensing Requirements for IP Source Guard
This table shows the licensing requirements for IP Source Guard.
Product
Cisco NX-OS

Prerequisites for IP Source Guard

Guidelines and Limitations for IP Source Guard

IP Source Guard has the following configuration guidelines and limitations:
• IP Source Guard limits IP traffic on an interface to only those sources that have an IP-MAC address
• IP Source Guard is dependent upon DHCP snooping to build and maintain the IP-MAC address binding

Default Settings for IP Source Guard

This table lists the default settings for IP Source Guard parameters.
Table 1: Default IP Source Guard Parameters
Parameters
IP Source Guard
Cisco Nexus 5000 Series NX-OS Security Configuration Guide, Release 5.0(3)N1(1)
2
IpAddress
----------
10.5.5.2
binding table entry or static IP source entry. When you first enable IP Source Guard on an interface,
you may experience disruption in IP traffic until the hosts on the interface receive a new IP address from
a DHCP server.
table or upon manual maintenance of static IP source entries.
LeaseSec
Type
VLAN
---------
------
-------
6943
dhcp-snooping
License Requirement
IP Source Guard requires no license. Any feature not
included in a license package is bundled with the
Cisco NX-OS system images and is provided at no
extra charge to you.
Default
Disabled on each interface.
Configuring IP Source Guard
Interface
---------
10
Ethernet2/3