"IP Source Guard" provides security on Layer 2 interfaces; this feature is
used to filter traffic by using the DHCP Snooping Database. The snooping
database can be populated statically (manually configuring entries in the
snooping database) or dynamically (if the hosts are DHCP clients and they
are connected to untrusted ports). Basically, with this feature you have
a couple of choices:

1. Filter traffic based on the source IP address. (ip verify source)
2. Filter traffic based on the source MAC and IP addresses. (ip verify
source port-security)

*Prerequisites:*

1. Remember that this feature (no matter which option is used) requires
that "ip dhcp snooping" and "ip dhcp snooping vlan xxxx" be configured.
2. If the second option is used, you MUST have "port-security" enabled,
using the "switchport port-security" command.

If you want to read more about it, read the "IP source guard" feature on
3560 switches.

On Fri, Jun 4, 2010 at 8:09 AM, Ant Lefebvre <ccie.eicc_at_gmail.com> wrote:
> I'm a little confused as to what the difference is with these two commands
>
> ip verify source and ip verify source port-security
>
> From what I can tell they do the same thing. In what situation would I use
> one and not the other? Thanks.
>
> --
> -Ant
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
--
Narbik Kocharians
CCSI#30832, CCIE# 12410 (R&S, SP, Security)
www.MicronicsTraining.com
Sr. Technical Instructor
YES! We take Cisco Learning Credits!
Training And Remote Racks available

Received on Fri Jun 04 2010 - 08:51:11 ART
This archive was generated by hypermail 2.2.0 : Sun Aug 01 2010 - 09:11:37 ART
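
The two options from the reply above, laid out as a Catalyst 3560-style configuration. This is an added illustration and not part of the original thread; VLAN 10, the interface numbers, and the MAC/IP pair in the static binding are constructed placeholders.

```cisco
! Prerequisite for both options: DHCP snooping globally and on the VLAN.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! Port facing the DHCP server: trusted, so server replies are accepted
! and bindings can be learned for clients on the untrusted ports.
interface FastEthernet0/24
 switchport mode access
 switchport access vlan 10
 ip dhcp snooping trust
!
! Option 1: filter on source IP only.
! A frame passes if its source IP matches a binding for this port;
! the source MAC is not checked.
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 ip verify source
!
! Option 2: filter on source IP and source MAC.
! Port security must be enabled on the interface as well.
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
 switchport port-security
 ip verify source port-security
!
! Host with a fixed address (not a DHCP client): add a static binding,
! then enable the filter on its port.
ip source binding 0000.1111.2222 vlan 10 192.0.2.10 interface FastEthernet0/3
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 10
 ip verify source
!
! Verification (exec mode):
!   show ip dhcp snooping binding
!   show ip source binding
!   show ip verify source
```

`show ip verify source` reports the filter type per interface, `ip` for option 1 and `ip-mac` for option 2, which is the quickest way to confirm which mode a port is actually in. Cisco's 3560 documentation also notes that with `ip verify source port-security` the DHCP server must support option 82, or the client is not assigned an address.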