HNT: Source Guard

# Attack Scenario

Source Guard options:
- Source IP
- Source MAC

Verification Sources
- DHCP Snooping Table/DB
- IP Source Binding Table

! Configure Source Guard
SW2(config)#in fas 0/1
SW2(config-if)#ip verify source port-security
SW2(config-if)#exit

! Set Manual entry in Binding
SW2(config)#ip source binding B827.EB51.1AF6 vlan 123 10.123.0.50 interface fas 0/1

! Verify Source Guard
SW2(config)#do show ip verify source
Interface Filter-type Filter-mode IP-address Mac-address Vlan
--------- ----------- ----------- --------------- ----------------- ----------
Fa0/1 ip-mac active 10.123.0.50 permit-all 123

SW2(config)#do show ip source binding
MacAddress IpAddress Lease(sec) Type VLAN Interface
------------------ --------------- ---------- ------------- ---- --------------------
B8:27:EB:51:1A:F6 10.123.0.50 infinite static 123 FastEthernet0/1
00:0C:29:16:57:AC 10.123.0.5 67853 dhcp-snooping 123 FastEthernet0/2
Total number of bindings: 2

30 July, 2014

Source Guard