Thursday, October 7, 2010

Lab Notes - 10.7.10

If you are going to enable mac-notification on an interface, you must also enable it globally.
interface FastEthernet0/18
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
!

snmp-server enable traps mac-notification change move threshold
snmp-server host 192.168.1.2 Private
!
mac-address-table notification change

_______________


IP Source Guard - Filters traffic based on manually configured source bindings.

ip dhcp snooping
ip dhcp snooping vlan 2
!
interface fastethernet 0/2
 ip verify source
 ! enables source IP address filtering
!
ip source binding 0000.1111.1111 vlan 2 10.1.1.1 interface fast 0/2

With only those commands entered, the switch does not check that the MAC address is correct.

If you change the IP on the router interface and the switchport has ip verify source, the switch will check the IP DHCP snooping binding table and the manual bindings; if there is no match, the packet will be dropped.

If you add the commands referenced below, the switch will check both the MAC address and the IP address.

interface fa 0/2
 switchport port-security
 ip verify source port-security

show ip source binding
show ip verify source
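
A small config check covering both notes above (mac-notification needing its global command, and ip verify source with or without port-security). This is an added example, not part of the original notes; the names parse_config and audit and the sample config are made up for illustration.

```python
import re

# Constructed sample config; the global mac-notification line is left out on purpose.
SAMPLE_CONFIG = """\
ip dhcp snooping
!
interface FastEthernet0/18
 snmp trap mac-notification change added
!
interface FastEthernet0/2
 ip verify source
!
interface FastEthernet0/3
 switchport port-security
 ip verify source port-security
"""

def parse_config(text):
    """Split a config into global lines and a dict of per-interface lines."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0] != " ":  # unindented: interface header or global command
            m = re.match(r"interface\s+(.+)", line)
            current = m.group(1) if m else None
            if m:
                interfaces[current] = []
            else:
                global_lines.append(line)
        elif current is not None:
            interfaces[current].append(line)
    return global_lines, interfaces

def audit(text):
    """Return sorted (interface, finding) pairs for the checks in the notes."""
    global_lines, interfaces = parse_config(text)
    # Newer IOS releases spell the global command "mac address-table ...".
    mac_global = any(re.fullmatch(r"mac[- ]address-table notification change", g) for g in global_lines)
    findings = []
    for name, lines in interfaces.items():
        if not mac_global and any(l.startswith("snmp trap mac-notification") for l in lines):
            findings.append((name, "mac-notification not enabled globally"))
        if "ip verify source" in lines:
            findings.append((name, "source IP filtered, MAC not checked"))
        if "ip verify source port-security" in lines and "switchport port-security" not in lines:
            findings.append((name, "port-security not enabled on the port"))
    return sorted(findings)
```

Calling audit(SAMPLE_CONFIG) flags Fa0/18 for the missing global command and Fa0/2 for IP-only filtering; Fa0/3 passes because it carries both port-security commands.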

____________________


Learned something new, why it's new I am not sure...

When configuring OSPF over FR physical interfaces, if you use the "neighbor" command under the OSPF process, you do not need the "broadcast" command with the FR map statements. It makes total sense, but for some reason I never thought of it.
